#
1.34 |
|
26-Mar-2024 |
beck |
Add an indicator that an extension has been processed.
ok jsing@
|
Revision tags: OPENBSD_7_4_BASE OPENBSD_7_5_BASE
|
#
1.33 |
|
23-Apr-2023 |
tb |
Randomize the order of TLS extensions
On creation of an SSL using SSL_new(), randomize the order in which the extensions will be sent. There are several constraints: the PSK extension must always come last. The order cannot be randomized on a per-message basis as the strict interpretation of the standard chosen in the CH hashing doesn't allow changing the order between first and second ClientHello.
Another constraint is that the current code calls callbacks directly on parsing an extension, which means that the order callbacks are called depends on the order in which the peer sent the extensions. This results in breaking apache-httpd setups using virtual hosts with full ranomization because virtual hosts don't work if the SNI is unknown at the time the ALPN callback is called. So for the time being, we ensure that SNI always precedes ALPN to avoid issues until this issue is fixed.
This is based on an idea by David Benjamin https://boringssl-review.googlesource.com/c/boringssl/+/48045
Input & ok jsing
|
Revision tags: OPENBSD_7_2_BASE OPENBSD_7_3_BASE
|
#
1.32 |
|
04-Aug-2022 |
tb |
Make tlsext_*_{build,needs,parse}() functions static
None of these functions are used outside of ssl_tlsext.c. The only reason they are prototyped in the header is for the use of tlsexttest.c. Rather than having a big pile of useless copy-paste in the header, we can adapt the test to avoid using these functions directly.
ok jsing
|
#
1.31 |
|
20-Jul-2022 |
tb |
Factor out ALPN extension format check
The ALPN extension must contain a non-empty list of protocol names. Split a check of this out of tlsext_alpn_server_parse() so that it can be reused elsewhere in the library.
ok jsing
|
#
1.30 |
|
29-Jun-2022 |
beck |
Add support for sending QUIC transport parameters
This is the start of adding the boringssl API for QUIC support, and the TLS extensions necessary to send and receive QUIC transport data.
Inspired by boringssl's https://boringssl-review.googlesource.com/24464
ok jsing@ tb@
|
#
1.29 |
|
03-Jun-2022 |
tb |
Add stubbed out handlers for the pre_shared_key extension
ok jsing
|
#
1.28 |
|
03-Jun-2022 |
tb |
Implement handlers for the psk_key_exchange_modes extensions.
ok jsing
|
Revision tags: OPENBSD_7_1_BASE
|
#
1.27 |
|
01-Nov-2021 |
jsing |
Improve SNI hostname validation.
For some time now we've validated the hostname provided to the server in the SNI extension. Per RFC 6066, an IP literal is invalid as a hostname - the current code rejects IPv6 literals, but allows IPv4 literals through.
Improve this check to explicitly detect both IPv4 and IPv6 literals. Some software has been historically known to include IP literals in SNI, so rather than rejecting this outright (and failing with a decode error), pretend that the SNI extension does not exist (such that we do not break some older clients).
ok inoguchi@ tb@
|
Revision tags: OPENBSD_6_9_BASE OPENBSD_7_0_BASE
|
#
1.26 |
|
11-Oct-2020 |
guenther |
Constipate ssl3_ciphers and tls1[23]_sigalgs*, pushing them into .data.rel.ro and .rodata respectively.
ok tb@ jsing@
|
Revision tags: OPENBSD_6_8_BASE
|
#
1.25 |
|
03-Jul-2020 |
tb |
Make the message type available to the extension functions
Some TLS extensions need to be treated differently depending on the handshake message they appear in. Over time, various workarounds and hacks were used to deal with the unavailability of the message type in these functions, but this is getting fragile and unwieldy. Having the message type available will enable us to clean this code up and will allow simple fixes for a number of bugs in our handling of the status_request extension reported by Michael Forney.
This approach was suggested a while ago by jsing.
ok beck jsing
|
#
1.24 |
|
03-Jul-2020 |
tb |
Improve argument order for the internal tlsext API
Move is_server and msg_type right after the SSL object so that CBS and CBB and alert come last. This brings these functions more in line with other internal functions and separates state from data.
requested by jsing
|
#
1.23 |
|
23-May-2020 |
beck |
Enforce that SNI hostnames be correct as per rfc 6066 and 5980. Correct SNI alerts to differentiate between illegal parameter and an unknown name.
ok tb@`
|
Revision tags: OPENBSD_6_7_BASE
|
#
1.22 |
|
25-Jan-2020 |
jsing |
Correct value for SSL_TLSEXT_MSG_HRR.
ok beck@ tb@
|
Revision tags: OPENBSD_6_5_BASE OPENBSD_6_6_BASE
|
#
1.21 |
|
28-Jan-2019 |
beck |
Add tls_extension_seen(), a utility to know if a particular extension has been seen in the handshake so far. Use it for keyshare. ok tb@
|
#
1.20 |
|
24-Jan-2019 |
beck |
Add server side of versions, keyshare, and client and server of cookie extensions for tls1.3. versions is currently defanged to ignore its result until tls13 server side wired in full, so that server side code still works today when we only support tls 1.2 ok bcook@ tb@ jsing@
|
#
1.19 |
|
23-Jan-2019 |
beck |
revert previous, accidentally contained another diff in addition to the one I intended to commit
|
#
1.18 |
|
23-Jan-2019 |
beck |
Modify sigalgs extension processing for TLS 1.3. - Make a separate sigalgs list for TLS 1.3 including only modern algorithm choices which we use when the handshake will not negotiate TLS 1.2 - Modify the legacy sigalgs for TLS 1.2 to include the RSA PSS algorithms as mandated by RFC8446 when the handshake will permit negotiation of TLS 1.2 ok jsing@ tb@
|
#
1.17 |
|
18-Jan-2019 |
beck |
copyright
|
#
1.16 |
|
18-Jan-2019 |
beck |
Add client side of supported versions and keyshare extensions with basic regress ok jsing@
|
#
1.15 |
|
18-Jan-2019 |
jsing |
Rename TLS extension handling to use less "hello".
When the TLS extension code was rewritten, TLS extensions could only exist in ClientHello and ServerHello messages - as such, they were named in pairs of *_clienthello_{needs,build} which would be called by the client and *_clienthello_parse. Likewise for *_serverhello_{needs,build} which would be called by a server and *_serverhello_parse, which would be called by a client.
Enter TLSv1.3 - TLS extensions can now exist in one of seven messages, with only certain types being allowed to appear in each, meaning the naming scheme no longer works. Instead, rename them to indicate the caller rather than the message type - this effectively means:
clienthello_needs -> client_needs clienthello_build -> client_build clienthello_parse -> server_parse serverhello_needs -> server_needs serverhello_build -> server_build serverhello_parse -> client_parse
ok beck@ tb@
|
#
1.14 |
|
09-Nov-2018 |
jsing |
Add header guards and hidden declarations.
|
#
1.13 |
|
05-Nov-2018 |
jsing |
Rename the TLS Supported Elliptic Curves extension to Supported Groups.
RFC 7919 renamed the Supported Elliptic Curves TLS extension to Supported Groups and redefined it to include finite field DH (FFDH) in addition to elliptic curve DH (ECDH). As such, rename the TLS extension and change the associated code to refer to groups rather than curves.
ok beck@ tb@
|
Revision tags: OPENBSD_6_3_BASE OPENBSD_6_4_BASE
|
#
1.12 |
|
08-Feb-2018 |
jsing |
Complete the TLS extension rewrite on the client-side.
The RI logic gets pulled up into ssl3_get_server_hello() and ssl_parse_serverhello_tlsext() gets replaced by tlsext_client_parse(), which allows a CBS to be passed all the way down.
This also deduplicates the tlsext_client_build() and tlsext_server_build() code.
ok beck@
|
#
1.11 |
|
27-Jan-2018 |
jsing |
Complete the TLS extension handling rewrite for the server-side.
This removes ssl_parse_clienthello_tlsext() and allows the CBS to be passed all the way through from ssl3_get_client_hello(). The renegotation check gets pulled up into ssl3_get_client_hello() which is where other such checks exist.
The TLS extension parsing now also ensures that we do not get duplicates of any known extensions (the old pre-rewrite code only did this for some extensions).
ok inoguchi@
|
Revision tags: OPENBSD_6_2_BASE
|
#
1.10 |
|
27-Aug-2017 |
doug |
Rewrite SRTP extension using CBB/CBS and the new extension framework.
input + ok beck@, jsing@
|
#
1.9 |
|
26-Aug-2017 |
doug |
Rewrite ALPN extension using CBB/CBS and the new extension framework.
ok bcook@ beck@ input + ok jsing@
|
#
1.8 |
|
12-Aug-2017 |
beck |
Rewrite the TLS status request extension to use the new TLS extension framework. ok jsing@
|
#
1.7 |
|
12-Aug-2017 |
jsing |
Convert TLS signature algorithms extension handling to the new framework.
ok beck@ doug@
|
#
1.6 |
|
12-Aug-2017 |
doug |
Rewrite session ticket TLS extension handling using CBB/CBS and the new extension framework.
ok jsing@ beck@
|
#
1.5 |
|
11-Aug-2017 |
doug |
Rewrite EllipticCurves TLS extension handling using CBB/CBS and the new extension framework.
input + ok jsing@
|
#
1.4 |
|
11-Aug-2017 |
jsing |
Add doug@'s copyright since he just added code to these two files.
|
#
1.3 |
|
11-Aug-2017 |
doug |
Rewrite the ECPointFormats TLS extension handling using CBB/CBS and the new extension framework.
input + ok jsing@
|
#
1.2 |
|
24-Jul-2017 |
jsing |
Rewrite the TLS Renegotiation Indication extension handling using CBB/CBS and the new extension framework.
Feedback from doug@
ok inoguchi@
|
#
1.1 |
|
16-Jul-2017 |
jsing |
Start rewriting TLS extension handling.
Introduce a TLS extension handling framework that has per-extension type functions to determine if an extension is needed, to build the extension data and parse the extension data. This is somewhat analogous to BoringSSL, however these build and parse functions are intentionally symetrical. The framework is hooked into the existing TLS handling code in such a way that we can gradual convert the extension handling code.
Convert the TLS Server Name Indication extension to the new framework, while rewriting it to use CBB/CBS and be more strict in the process.
Discussed with beck@
ok inoguchi@
|
#
1.33 |
|
23-Apr-2023 |
tb |
Randomize the order of TLS extensions
On creation of an SSL using SSL_new(), randomize the order in which the extensions will be sent. There are several constraints: the PSK extension must always come last. The order cannot be randomized on a per-message basis as the strict interpretation of the standard chosen in the CH hashing doesn't allow changing the order between first and second ClientHello.
Another constraint is that the current code calls callbacks directly on parsing an extension, which means that the order callbacks are called depends on the order in which the peer sent the extensions. This results in breaking apache-httpd setups using virtual hosts with full ranomization because virtual hosts don't work if the SNI is unknown at the time the ALPN callback is called. So for the time being, we ensure that SNI always precedes ALPN to avoid issues until this issue is fixed.
This is based on an idea by David Benjamin https://boringssl-review.googlesource.com/c/boringssl/+/48045
Input & ok jsing
|
Revision tags: OPENBSD_7_2_BASE OPENBSD_7_3_BASE
|
#
1.32 |
|
04-Aug-2022 |
tb |
Make tlsext_*_{build,needs,parse}() functions static
None of these functions are used outside of ssl_tlsext.c. The only reason they are prototyped in the header is for the use of tlsexttest.c. Rather than having a big pile of useless copy-paste in the header, we can adapt the test to avoid using these functions directly.
ok jsing
|
#
1.31 |
|
20-Jul-2022 |
tb |
Factor out ALPN extension format check
The ALPN extension must contain a non-empty list of protocol names. Split a check of this out of tlsext_alpn_server_parse() so that it can be reused elsewhere in the library.
ok jsing
|
#
1.30 |
|
29-Jun-2022 |
beck |
Add support for sending QUIC transport parameters
This is the start of adding the boringssl API for QUIC support, and the TLS extensions necessary to send and receive QUIC transport data.
Inspired by boringssl's https://boringssl-review.googlesource.com/24464
ok jsing@ tb@
|
#
1.29 |
|
03-Jun-2022 |
tb |
Add stubbed out handlers for the pre_shared_key extension
ok jsing
|
#
1.28 |
|
03-Jun-2022 |
tb |
Implement handlers for the psk_key_exchange_modes extensions.
ok jsing
|
Revision tags: OPENBSD_7_1_BASE
|
#
1.27 |
|
01-Nov-2021 |
jsing |
Improve SNI hostname validation.
For some time now we've validated the hostname provided to the server in the SNI extension. Per RFC 6066, an IP literal is invalid as a hostname - the current code rejects IPv6 literals, but allows IPv4 literals through.
Improve this check to explicitly detect both IPv4 and IPv6 literals. Some software has been historically known to include IP literals in SNI, so rather than rejecting this outright (and failing with a decode error), pretend that the SNI extension does not exist (such that we do not break some older clients).
ok inoguchi@ tb@
|
Revision tags: OPENBSD_6_9_BASE OPENBSD_7_0_BASE
|
#
1.26 |
|
11-Oct-2020 |
guenther |
Constipate ssl3_ciphers and tls1[23]_sigalgs*, pushing them into .data.rel.ro and .rodata respectively.
ok tb@ jsing@
|
Revision tags: OPENBSD_6_8_BASE
|
#
1.25 |
|
03-Jul-2020 |
tb |
Make the message type available to the extension functions
Some TLS extensions need to be treated differently depending on the handshake message they appear in. Over time, various workarounds and hacks were used to deal with the unavailability of the message type in these functions, but this is getting fragile and unwieldy. Having the message type available will enable us to clean this code up and will allow simple fixes for a number of bugs in our handling of the status_request extension reported by Michael Forney.
This approach was suggested a while ago by jsing.
ok beck jsing
|
#
1.24 |
|
03-Jul-2020 |
tb |
Improve argument order for the internal tlsext API
Move is_server and msg_type right after the SSL object so that CBS and CBB and alert come last. This brings these functions more in line with other internal functions and separates state from data.
requested by jsing
|
#
1.23 |
|
23-May-2020 |
beck |
Enforce that SNI hostnames be correct as per rfc 6066 and 5980. Correct SNI alerts to differentiate between illegal parameter and an unknown name.
ok tb@`
|
Revision tags: OPENBSD_6_7_BASE
|
#
1.22 |
|
25-Jan-2020 |
jsing |
Correct value for SSL_TLSEXT_MSG_HRR.
ok beck@ tb@
|
Revision tags: OPENBSD_6_5_BASE OPENBSD_6_6_BASE
|
#
1.21 |
|
28-Jan-2019 |
beck |
Add tls_extension_seen(), a utility to know if a particular extension has been seen in the handshake so far. Use it for keyshare. ok tb@
|
#
1.20 |
|
24-Jan-2019 |
beck |
Add server side of versions, keyshare, and client and server of cookie extensions for tls1.3. versions is currently defanged to ignore its result until tls13 server side wired in full, so that server side code still works today when we only support tls 1.2 ok bcook@ tb@ jsing@
|
#
1.19 |
|
23-Jan-2019 |
beck |
revert previous, accidentally contained another diff in addition to the one I intended to commit
|
#
1.18 |
|
23-Jan-2019 |
beck |
Modify sigalgs extension processing for TLS 1.3. - Make a separate sigalgs list for TLS 1.3 including only modern algorithm choices which we use when the handshake will not negotiate TLS 1.2 - Modify the legacy sigalgs for TLS 1.2 to include the RSA PSS algorithms as mandated by RFC8446 when the handshake will permit negotiation of TLS 1.2 ok jsing@ tb@
|
#
1.17 |
|
18-Jan-2019 |
beck |
copyright
|
#
1.16 |
|
18-Jan-2019 |
beck |
Add client side of supported versions and keyshare extensions with basic regress ok jsing@
|
#
1.15 |
|
18-Jan-2019 |
jsing |
Rename TLS extension handling to use less "hello".
When the TLS extension code was rewritten, TLS extensions could only exist in ClientHello and ServerHello messages - as such, they were named in pairs of *_clienthello_{needs,build} which would be called by the client and *_clienthello_parse. Likewise for *_serverhello_{needs,build} which would be called by a server and *_serverhello_parse, which would be called by a client.
Enter TLSv1.3 - TLS extensions can now exist in one of seven messages, with only certain types being allowed to appear in each, meaning the naming scheme no longer works. Instead, rename them to indicate the caller rather than the message type - this effectively means:
clienthello_needs -> client_needs clienthello_build -> client_build clienthello_parse -> server_parse serverhello_needs -> server_needs serverhello_build -> server_build serverhello_parse -> client_parse
ok beck@ tb@
|
#
1.14 |
|
09-Nov-2018 |
jsing |
Add header guards and hidden declarations.
|
#
1.13 |
|
05-Nov-2018 |
jsing |
Rename the TLS Supported Elliptic Curves extension to Supported Groups.
RFC 7919 renamed the Supported Elliptic Curves TLS extension to Supported Groups and redefined it to include finite field DH (FFDH) in addition to elliptic curve DH (ECDH). As such, rename the TLS extension and change the associated code to refer to groups rather than curves.
ok beck@ tb@
|
Revision tags: OPENBSD_6_3_BASE OPENBSD_6_4_BASE
|
#
1.12 |
|
08-Feb-2018 |
jsing |
Complete the TLS extension rewrite on the client-side.
The RI logic gets pulled up into ssl3_get_server_hello() and ssl_parse_serverhello_tlsext() gets replaced by tlsext_client_parse(), which allows a CBS to be passed all the way down.
This also deduplicates the tlsext_client_build() and tlsext_server_build() code.
ok beck@
|
#
1.11 |
|
27-Jan-2018 |
jsing |
Complete the TLS extension handling rewrite for the server-side.
This removes ssl_parse_clienthello_tlsext() and allows the CBS to be passed all the way through from ssl3_get_client_hello(). The renegotation check gets pulled up into ssl3_get_client_hello() which is where other such checks exist.
The TLS extension parsing now also ensures that we do not get duplicates of any known extensions (the old pre-rewrite code only did this for some extensions).
ok inoguchi@
|
Revision tags: OPENBSD_6_2_BASE
|
#
1.10 |
|
27-Aug-2017 |
doug |
Rewrite SRTP extension using CBB/CBS and the new extension framework.
input + ok beck@, jsing@
|
#
1.9 |
|
26-Aug-2017 |
doug |
Rewrite ALPN extension using CBB/CBS and the new extension framework.
ok bcook@ beck@ input + ok jsing@
|
#
1.8 |
|
12-Aug-2017 |
beck |
Rewrite the TLS status request extension to use the new TLS extension framework. ok jsing@
|
#
1.7 |
|
12-Aug-2017 |
jsing |
Convert TLS signature algorithms extension handling to the new framework.
ok beck@ doug@
|
#
1.6 |
|
12-Aug-2017 |
doug |
Rewrite session ticket TLS extension handling using CBB/CBS and the new extension framework.
ok jsing@ beck@
|
#
1.5 |
|
11-Aug-2017 |
doug |
Rewrite EllipticCurves TLS extension handling using CBB/CBS and the new extension framework.
input + ok jsing@
|
#
1.4 |
|
11-Aug-2017 |
jsing |
Add doug@'s copyright since he just added code to these two files.
|
#
1.3 |
|
11-Aug-2017 |
doug |
Rewrite the ECPointFormats TLS extension handling using CBB/CBS and the new extension framework.
input + ok jsing@
|
#
1.2 |
|
24-Jul-2017 |
jsing |
Rewrite the TLS Renegotiation Indication extension handling using CBB/CBS and the new extension framework.
Feedback from doug@
ok inoguchi@
|
#
1.1 |
|
16-Jul-2017 |
jsing |
Start rewriting TLS extension handling.
Introduce a TLS extension handling framework that has per-extension type functions to determine if an extension is needed, to build the extension data and parse the extension data. This is somewhat analogous to BoringSSL, however these build and parse functions are intentionally symetrical. The framework is hooked into the existing TLS handling code in such a way that we can gradual convert the extension handling code.
Convert the TLS Server Name Indication extension to the new framework, while rewriting it to use CBB/CBS and be more strict in the process.
Discussed with beck@
ok inoguchi@
|
#
1.32 |
|
04-Aug-2022 |
tb |
Make tlsext_*_{build,needs,parse}() functions static
None of these functions are used outside of ssl_tlsext.c. The only reason they are prototyped in the header is for the use of tlsexttest.c. Rather than having a big pile of useless copy-paste in the header, we can adapt the test to avoid using these functions directly.
ok jsing
|
#
1.31 |
|
20-Jul-2022 |
tb |
Factor out ALPN extension format check
The ALPN extension must contain a non-empty list of protocol names. Split a check of this out of tlsext_alpn_server_parse() so that it can be reused elsewhere in the library.
ok jsing
|
#
1.30 |
|
29-Jun-2022 |
beck |
Add support for sending QUIC transport parameters
This is the start of adding the boringssl API for QUIC support, and the TLS extensions necessary to send and receive QUIC transport data.
Inspired by boringssl's https://boringssl-review.googlesource.com/24464
ok jsing@ tb@
|
#
1.29 |
|
03-Jun-2022 |
tb |
Add stubbed out handlers for the pre_shared_key extension
ok jsing
|
#
1.28 |
|
03-Jun-2022 |
tb |
Implement handlers for the psk_key_exchange_modes extensions.
ok jsing
|
Revision tags: OPENBSD_7_1_BASE
|
#
1.27 |
|
01-Nov-2021 |
jsing |
Improve SNI hostname validation.
For some time now we've validated the hostname provided to the server in the SNI extension. Per RFC 6066, an IP literal is invalid as a hostname - the current code rejects IPv6 literals, but allows IPv4 literals through.
Improve this check to explicitly detect both IPv4 and IPv6 literals. Some software has been historically known to include IP literals in SNI, so rather than rejecting this outright (and failing with a decode error), pretend that the SNI extension does not exist (such that we do not break some older clients).
ok inoguchi@ tb@
|
Revision tags: OPENBSD_6_9_BASE OPENBSD_7_0_BASE
|
#
1.26 |
|
11-Oct-2020 |
guenther |
Constipate ssl3_ciphers and tls1[23]_sigalgs*, pushing them into .data.rel.ro and .rodata respectively.
ok tb@ jsing@
|
Revision tags: OPENBSD_6_8_BASE
|
#
1.25 |
|
03-Jul-2020 |
tb |
Make the message type available to the extension functions
Some TLS extensions need to be treated differently depending on the handshake message they appear in. Over time, various workarounds and hacks were used to deal with the unavailability of the message type in these functions, but this is getting fragile and unwieldy. Having the message type available will enable us to clean this code up and will allow simple fixes for a number of bugs in our handling of the status_request extension reported by Michael Forney.
This approach was suggested a while ago by jsing.
ok beck jsing
|
#
1.24 |
|
03-Jul-2020 |
tb |
Improve argument order for the internal tlsext API
Move is_server and msg_type right after the SSL object so that CBS and CBB and alert come last. This brings these functions more in line with other internal functions and separates state from data.
requested by jsing
|
#
1.23 |
|
23-May-2020 |
beck |
Enforce that SNI hostnames be correct as per rfc 6066 and 5980. Correct SNI alerts to differentiate between illegal parameter and an unknown name.
ok tb@`
|
Revision tags: OPENBSD_6_7_BASE
|
#
1.22 |
|
25-Jan-2020 |
jsing |
Correct value for SSL_TLSEXT_MSG_HRR.
ok beck@ tb@
|
Revision tags: OPENBSD_6_5_BASE OPENBSD_6_6_BASE
|
#
1.21 |
|
28-Jan-2019 |
beck |
Add tls_extension_seen(), a utility to know if a particular extension has been seen in the handshake so far. Use it for keyshare. ok tb@
|
#
1.20 |
|
24-Jan-2019 |
beck |
Add server side of versions, keyshare, and client and server of cookie extensions for tls1.3. versions is currently defanged to ignore its result until tls13 server side wired in full, so that server side code still works today when we only support tls 1.2 ok bcook@ tb@ jsing@
|
#
1.19 |
|
23-Jan-2019 |
beck |
revert previous, accidentally contained another diff in addition to the one I intended to commit
|
#
1.18 |
|
23-Jan-2019 |
beck |
Modify sigalgs extension processing for TLS 1.3. - Make a separate sigalgs list for TLS 1.3 including only modern algorithm choices which we use when the handshake will not negotiate TLS 1.2 - Modify the legacy sigalgs for TLS 1.2 to include the RSA PSS algorithms as mandated by RFC8446 when the handshake will permit negotiation of TLS 1.2 ok jsing@ tb@
|
#
1.17 |
|
18-Jan-2019 |
beck |
copyright
|
#
1.16 |
|
18-Jan-2019 |
beck |
Add client side of supported versions and keyshare extensions with basic regress ok jsing@
|
#
1.15 |
|
18-Jan-2019 |
jsing |
Rename TLS extension handling to use less "hello".
When the TLS extension code was rewritten, TLS extensions could only exist in ClientHello and ServerHello messages - as such, they were named in pairs of *_clienthello_{needs,build} which would be called by the client and *_clienthello_parse. Likewise for *_serverhello_{needs,build} which would be called by a server and *_serverhello_parse, which would be called by a client.
Enter TLSv1.3 - TLS extensions can now exist in one of seven messages, with only certain types being allowed to appear in each, meaning the naming scheme no longer works. Instead, rename them to indicate the caller rather than the message type - this effectively means:
clienthello_needs -> client_needs clienthello_build -> client_build clienthello_parse -> server_parse serverhello_needs -> server_needs serverhello_build -> server_build serverhello_parse -> client_parse
ok beck@ tb@
|
#
1.14 |
|
09-Nov-2018 |
jsing |
Add header guards and hidden declarations.
|
#
1.13 |
|
05-Nov-2018 |
jsing |
Rename the TLS Supported Elliptic Curves extension to Supported Groups.
RFC 7919 renamed the Supported Elliptic Curves TLS extension to Supported Groups and redefined it to include finite field DH (FFDH) in addition to elliptic curve DH (ECDH). As such, rename the TLS extension and change the associated code to refer to groups rather than curves.
ok beck@ tb@
|
Revision tags: OPENBSD_6_3_BASE OPENBSD_6_4_BASE
|
#
1.12 |
|
08-Feb-2018 |
jsing |
Complete the TLS extension rewrite on the client-side.
The RI logic gets pulled up into ssl3_get_server_hello() and ssl_parse_serverhello_tlsext() gets replaced by tlsext_client_parse(), which allows a CBS to be passed all the way down.
This also deduplicates the tlsext_client_build() and tlsext_server_build() code.
ok beck@
|
#
1.11 |
|
27-Jan-2018 |
jsing |
Complete the TLS extension handling rewrite for the server-side.
This removes ssl_parse_clienthello_tlsext() and allows the CBS to be passed all the way through from ssl3_get_client_hello(). The renegotation check gets pulled up into ssl3_get_client_hello() which is where other such checks exist.
The TLS extension parsing now also ensures that we do not get duplicates of any known extensions (the old pre-rewrite code only did this for some extensions).
ok inoguchi@
|
Revision tags: OPENBSD_6_2_BASE
|
#
1.10 |
|
27-Aug-2017 |
doug |
Rewrite SRTP extension using CBB/CBS and the new extension framework.
input + ok beck@, jsing@
|
#
1.9 |
|
26-Aug-2017 |
doug |
Rewrite ALPN extension using CBB/CBS and the new extension framework.
ok bcook@ beck@ input + ok jsing@
|
#
1.8 |
|
12-Aug-2017 |
beck |
Rewrite the TLS status request extension to use the new TLS extension framework. ok jsing@
|
#
1.7 |
|
12-Aug-2017 |
jsing |
Convert TLS signature algorithms extension handling to the new framework.
ok beck@ doug@
|
#
1.6 |
|
12-Aug-2017 |
doug |
Rewrite session ticket TLS extension handling using CBB/CBS and the new extension framework.
ok jsing@ beck@
|
#
1.5 |
|
11-Aug-2017 |
doug |
Rewrite EllipticCurves TLS extension handling using CBB/CBS and the new extension framework.
input + ok jsing@
|
#
1.4 |
|
11-Aug-2017 |
jsing |
Add doug@'s copyright since he just added code to these two files.
|
#
1.3 |
|
11-Aug-2017 |
doug |
Rewrite the ECPointFormats TLS extension handling using CBB/CBS and the new extension framework.
input + ok jsing@
|
#
1.2 |
|
24-Jul-2017 |
jsing |
Rewrite the TLS Renegotiation Indication extension handling using CBB/CBS and the new extension framework.
Feedback from doug@
ok inoguchi@
|
#
1.1 |
|
16-Jul-2017 |
jsing |
Start rewriting TLS extension handling.
Introduce a TLS extension handling framework that has per-extension type functions to determine if an extension is needed, to build the extension data and parse the extension data. This is somewhat analogous to BoringSSL, however these build and parse functions are intentionally symetrical. The framework is hooked into the existing TLS handling code in such a way that we can gradual convert the extension handling code.
Convert the TLS Server Name Indication extension to the new framework, while rewriting it to use CBB/CBS and be more strict in the process.
Discussed with beck@
ok inoguchi@
|
#
1.31 |
|
20-Jul-2022 |
tb |
Factor out ALPN extension format check
The ALPN extension must contain a non-empty list of protocol names. Split a check of this out of tlsext_alpn_server_parse() so that it can be reused elsewhere in the library.
ok jsing
|
#
1.30 |
|
29-Jun-2022 |
beck |
Add support for sending QUIC transport parameters
This is the start of adding the boringssl API for QUIC support, and the TLS extensions necessary to send and receive QUIC transport data.
Inspired by boringssl's https://boringssl-review.googlesource.com/24464
ok jsing@ tb@
|
#
1.29 |
|
03-Jun-2022 |
tb |
Add stubbed out handlers for the pre_shared_key extension
ok jsing
|
#
1.28 |
|
03-Jun-2022 |
tb |
Implement handlers for the psk_key_exchange_modes extensions.
ok jsing
|
Revision tags: OPENBSD_7_1_BASE
|
#
1.27 |
|
01-Nov-2021 |
jsing |
Improve SNI hostname validation.
For some time now we've validated the hostname provided to the server in the SNI extension. Per RFC 6066, an IP literal is invalid as a hostname - the current code rejects IPv6 literals, but allows IPv4 literals through.
Improve this check to explicitly detect both IPv4 and IPv6 literals. Some software has been historically known to include IP literals in SNI, so rather than rejecting this outright (and failing with a decode error), pretend that the SNI extension does not exist (such that we do not break some older clients).
ok inoguchi@ tb@
|
Revision tags: OPENBSD_6_9_BASE OPENBSD_7_0_BASE
|
#
1.26 |
|
11-Oct-2020 |
guenther |
Constipate ssl3_ciphers and tls1[23]_sigalgs*, pushing them into .data.rel.ro and .rodata respectively.
ok tb@ jsing@
|
Revision tags: OPENBSD_6_8_BASE
|
#
1.25 |
|
03-Jul-2020 |
tb |
Make the message type available to the extension functions
Some TLS extensions need to be treated differently depending on the handshake message they appear in. Over time, various workarounds and hacks were used to deal with the unavailability of the message type in these functions, but this is getting fragile and unwieldy. Having the message type available will enable us to clean this code up and will allow simple fixes for a number of bugs in our handling of the status_request extension reported by Michael Forney.
This approach was suggested a while ago by jsing.
ok beck jsing
|
#
1.24 |
|
03-Jul-2020 |
tb |
Improve argument order for the internal tlsext API
Move is_server and msg_type right after the SSL object so that CBS and CBB and alert come last. This brings these functions more in line with other internal functions and separates state from data.
requested by jsing
|
#
1.23 |
|
23-May-2020 |
beck |
Enforce that SNI hostnames be correct as per rfc 6066 and 5980. Correct SNI alerts to differentiate between illegal parameter and an unknown name.
ok tb@`
|
Revision tags: OPENBSD_6_7_BASE
|
#
1.22 |
|
25-Jan-2020 |
jsing |
Correct value for SSL_TLSEXT_MSG_HRR.
ok beck@ tb@
|
Revision tags: OPENBSD_6_5_BASE OPENBSD_6_6_BASE
|
#
1.21 |
|
28-Jan-2019 |
beck |
Add tls_extension_seen(), a utility to know if a particular extension has been seen in the handshake so far. Use it for keyshare. ok tb@
|
#
1.20 |
|
24-Jan-2019 |
beck |
Add server side of versions, keyshare, and client and server of cookie extensions for tls1.3. versions is currently defanged to ignore its result until tls13 server side wired in full, so that server side code still works today when we only support tls 1.2 ok bcook@ tb@ jsing@
|
#
1.19 |
|
23-Jan-2019 |
beck |
revert previous, accidentally contained another diff in addition to the one I intended to commit
|
#
1.18 |
|
23-Jan-2019 |
beck |
Modify sigalgs extension processing for TLS 1.3. - Make a separate sigalgs list for TLS 1.3 including only modern algorithm choices which we use when the handshake will not negotiate TLS 1.2 - Modify the legacy sigalgs for TLS 1.2 to include the RSA PSS algorithms as mandated by RFC8446 when the handshake will permit negotiation of TLS 1.2 ok jsing@ tb@
|
#
1.17 |
|
18-Jan-2019 |
beck |
copyright
|
#
1.16 |
|
18-Jan-2019 |
beck |
Add client side of supported versions and keyshare extensions with basic regress ok jsing@
|
#
1.15 |
|
18-Jan-2019 |
jsing |
Rename TLS extension handling to use less "hello".
When the TLS extension code was rewritten, TLS extensions could only exist in ClientHello and ServerHello messages - as such, they were named in pairs of *_clienthello_{needs,build} which would be called by the client and *_clienthello_parse. Likewise for *_serverhello_{needs,build} which would be called by a server and *_serverhello_parse, which would be called by a client.
Enter TLSv1.3 - TLS extensions can now exist in one of seven messages, with only certain types being allowed to appear in each, meaning the naming scheme no longer works. Instead, rename them to indicate the caller rather than the message type - this effectively means:
clienthello_needs -> client_needs clienthello_build -> client_build clienthello_parse -> server_parse serverhello_needs -> server_needs serverhello_build -> server_build serverhello_parse -> client_parse
ok beck@ tb@
|
#
1.14 |
|
09-Nov-2018 |
jsing |
Add header guards and hidden declarations.
|
#
1.13 |
|
05-Nov-2018 |
jsing |
Rename the TLS Supported Elliptic Curves extension to Supported Groups.
RFC 7919 renamed the Supported Elliptic Curves TLS extension to Supported Groups and redefined it to include finite field DH (FFDH) in addition to elliptic curve DH (ECDH). As such, rename the TLS extension and change the associated code to refer to groups rather than curves.
ok beck@ tb@
|
Revision tags: OPENBSD_6_3_BASE OPENBSD_6_4_BASE
|
#
1.12 |
|
08-Feb-2018 |
jsing |
Complete the TLS extension rewrite on the client-side.
The RI logic gets pulled up into ssl3_get_server_hello() and ssl_parse_serverhello_tlsext() gets replaced by tlsext_client_parse(), which allows a CBS to be passed all the way down.
This also deduplicates the tlsext_client_build() and tlsext_server_build() code.
ok beck@
|
#
1.11 |
|
27-Jan-2018 |
jsing |
Complete the TLS extension handling rewrite for the server-side.
This removes ssl_parse_clienthello_tlsext() and allows the CBS to be passed all the way through from ssl3_get_client_hello(). The renegotation check gets pulled up into ssl3_get_client_hello() which is where other such checks exist.
The TLS extension parsing now also ensures that we do not get duplicates of any known extensions (the old pre-rewrite code only did this for some extensions).
ok inoguchi@
|
Revision tags: OPENBSD_6_2_BASE
|
#
1.10 |
|
27-Aug-2017 |
doug |
Rewrite SRTP extension using CBB/CBS and the new extension framework.
input + ok beck@, jsing@
|
#
1.9 |
|
26-Aug-2017 |
doug |
Rewrite ALPN extension using CBB/CBS and the new extension framework.
ok bcook@ beck@ input + ok jsing@
|
#
1.8 |
|
12-Aug-2017 |
beck |
Rewrite the TLS status request extension to use the new TLS extension framework. ok jsing@
|
#
1.7 |
|
12-Aug-2017 |
jsing |
Convert TLS signature algorithms extension handling to the new framework.
ok beck@ doug@
|
#
1.6 |
|
12-Aug-2017 |
doug |
Rewrite session ticket TLS extension handling using CBB/CBS and the new extension framework.
ok jsing@ beck@
|
#
1.5 |
|
11-Aug-2017 |
doug |
Rewrite EllipticCurves TLS extension handling using CBB/CBS and the new extension framework.
input + ok jsing@
|
#
1.4 |
|
11-Aug-2017 |
jsing |
Add doug@'s copyright since he just added code to these two files.
|
#
1.3 |
|
11-Aug-2017 |
doug |
Rewrite the ECPointFormats TLS extension handling using CBB/CBS and the new extension framework.
input + ok jsing@
|
#
1.2 |
|
24-Jul-2017 |
jsing |
Rewrite the TLS Renegotiation Indication extension handling using CBB/CBS and the new extension framework.
Feedback from doug@
ok inoguchi@
|
#
1.1 |
|
16-Jul-2017 |
jsing |
Start rewriting TLS extension handling.
Introduce a TLS extension handling framework that has per-extension type functions to determine if an extension is needed, to build the extension data and parse the extension data. This is somewhat analogous to BoringSSL, however these build and parse functions are intentionally symetrical. The framework is hooked into the existing TLS handling code in such a way that we can gradual convert the extension handling code.
Convert the TLS Server Name Indication extension to the new framework, while rewriting it to use CBB/CBS and be more strict in the process.
Discussed with beck@
ok inoguchi@
|
#
1.30 |
|
29-Jun-2022 |
beck |
Add support for sending QUIC transport parameters
This is the start of adding the boringssl API for QUIC support, and the TLS extensions necessary to send and receive QUIC transport data.
Inspired by boringssl's https://boringssl-review.googlesource.com/24464
ok jsing@ tb@
|
#
1.29 |
|
03-Jun-2022 |
tb |
Add stubbed out handlers for the pre_shared_key extension
ok jsing
|
#
1.28 |
|
03-Jun-2022 |
tb |
Implement handlers for the psk_key_exchange_modes extensions.
ok jsing
|
Revision tags: OPENBSD_7_1_BASE
|
#
1.27 |
|
01-Nov-2021 |
jsing |
Improve SNI hostname validation.
For some time now we've validated the hostname provided to the server in the SNI extension. Per RFC 6066, an IP literal is invalid as a hostname - the current code rejects IPv6 literals, but allows IPv4 literals through.
Improve this check to explicitly detect both IPv4 and IPv6 literals. Some software has been historically known to include IP literals in SNI, so rather than rejecting this outright (and failing with a decode error), pretend that the SNI extension does not exist (such that we do not break some older clients).
ok inoguchi@ tb@
|
Revision tags: OPENBSD_6_9_BASE OPENBSD_7_0_BASE
|
#
1.26 |
|
11-Oct-2020 |
guenther |
Constipate ssl3_ciphers and tls1[23]_sigalgs*, pushing them into .data.rel.ro and .rodata respectively.
ok tb@ jsing@
|
Revision tags: OPENBSD_6_8_BASE
|
#
1.25 |
|
03-Jul-2020 |
tb |
Make the message type available to the extension functions
Some TLS extensions need to be treated differently depending on the handshake message they appear in. Over time, various workarounds and hacks were used to deal with the unavailability of the message type in these functions, but this is getting fragile and unwieldy. Having the message type available will enable us to clean this code up and will allow simple fixes for a number of bugs in our handling of the status_request extension reported by Michael Forney.
This approach was suggested a while ago by jsing.
ok beck jsing
|
#
1.24 |
|
03-Jul-2020 |
tb |
Improve argument order for the internal tlsext API
Move is_server and msg_type right after the SSL object so that CBS and CBB and alert come last. This brings these functions more in line with other internal functions and separates state from data.
requested by jsing
|
#
1.23 |
|
23-May-2020 |
beck |
Enforce that SNI hostnames be correct as per rfc 6066 and 5980. Correct SNI alerts to differentiate between illegal parameter and an unknown name.
ok tb@`
|
Revision tags: OPENBSD_6_7_BASE
|
#
1.22 |
|
25-Jan-2020 |
jsing |
Correct value for SSL_TLSEXT_MSG_HRR.
ok beck@ tb@
|
Revision tags: OPENBSD_6_5_BASE OPENBSD_6_6_BASE
|
#
1.21 |
|
28-Jan-2019 |
beck |
Add tls_extension_seen(), a utility to know if a particular extension has been seen in the handshake so far. Use it for keyshare. ok tb@
|
#
1.20 |
|
24-Jan-2019 |
beck |
Add server side of versions, keyshare, and client and server of cookie extensions for tls1.3. versions is currently defanged to ignore its result until tls13 server side wired in full, so that server side code still works today when we only support tls 1.2 ok bcook@ tb@ jsing@
|
#
1.19 |
|
23-Jan-2019 |
beck |
revert previous, accidentally contained another diff in addition to the one I intended to commit
|
#
1.18 |
|
23-Jan-2019 |
beck |
Modify sigalgs extension processing for TLS 1.3. - Make a separate sigalgs list for TLS 1.3 including only modern algorithm choices which we use when the handshake will not negotiate TLS 1.2 - Modify the legacy sigalgs for TLS 1.2 to include the RSA PSS algorithms as mandated by RFC8446 when the handshake will permit negotiation of TLS 1.2 ok jsing@ tb@
|
#
1.17 |
|
18-Jan-2019 |
beck |
copyright
|
#
1.16 |
|
18-Jan-2019 |
beck |
Add client side of supported versions and keyshare extensions with basic regress ok jsing@
|
#
1.15 |
|
18-Jan-2019 |
jsing |
Rename TLS extension handling to use less "hello".
When the TLS extension code was rewritten, TLS extensions could only exist in ClientHello and ServerHello messages - as such, they were named in pairs of *_clienthello_{needs,build} which would be called by the client and *_clienthello_parse. Likewise for *_serverhello_{needs,build} which would be called by a server and *_serverhello_parse, which would be called by a client.
Enter TLSv1.3 - TLS extensions can now exist in one of seven messages, with only certain types being allowed to appear in each, meaning the naming scheme no longer works. Instead, rename them to indicate the caller rather than the message type - this effectively means:
clienthello_needs -> client_needs clienthello_build -> client_build clienthello_parse -> server_parse serverhello_needs -> server_needs serverhello_build -> server_build serverhello_parse -> client_parse
ok beck@ tb@
|
#
1.14 |
|
09-Nov-2018 |
jsing |
Add header guards and hidden declarations.
|
#
1.13 |
|
05-Nov-2018 |
jsing |
Rename the TLS Supported Elliptic Curves extension to Supported Groups.
RFC 7919 renamed the Supported Elliptic Curves TLS extension to Supported Groups and redefined it to include finite field DH (FFDH) in addition to elliptic curve DH (ECDH). As such, rename the TLS extension and change the associated code to refer to groups rather than curves.
ok beck@ tb@
|
Revision tags: OPENBSD_6_3_BASE OPENBSD_6_4_BASE
|
#
1.12 |
|
08-Feb-2018 |
jsing |
Complete the TLS extension rewrite on the client-side.
The RI logic gets pulled up into ssl3_get_server_hello() and ssl_parse_serverhello_tlsext() gets replaced by tlsext_client_parse(), which allows a CBS to be passed all the way down.
This also deduplicates the tlsext_client_build() and tlsext_server_build() code.
ok beck@
|
#
1.11 |
|
27-Jan-2018 |
jsing |
Complete the TLS extension handling rewrite for the server-side.
This removes ssl_parse_clienthello_tlsext() and allows the CBS to be passed all the way through from ssl3_get_client_hello(). The renegotation check gets pulled up into ssl3_get_client_hello() which is where other such checks exist.
The TLS extension parsing now also ensures that we do not get duplicates of any known extensions (the old pre-rewrite code only did this for some extensions).
ok inoguchi@
|
Revision tags: OPENBSD_6_2_BASE
|
#
1.10 |
|
27-Aug-2017 |
doug |
Rewrite SRTP extension using CBB/CBS and the new extension framework.
input + ok beck@, jsing@
|
#
1.9 |
|
26-Aug-2017 |
doug |
Rewrite ALPN extension using CBB/CBS and the new extension framework.
ok bcook@ beck@ input + ok jsing@
|
#
1.8 |
|
12-Aug-2017 |
beck |
Rewrite the TLS status request extension to use the new TLS extension framework. ok jsing@
|
#
1.7 |
|
12-Aug-2017 |
jsing |
Convert TLS signature algorithms extension handling to the new framework.
ok beck@ doug@
|
#
1.6 |
|
12-Aug-2017 |
doug |
Rewrite session ticket TLS extension handling using CBB/CBS and the new extension framework.
ok jsing@ beck@
|
#
1.5 |
|
11-Aug-2017 |
doug |
Rewrite EllipticCurves TLS extension handling using CBB/CBS and the new extension framework.
input + ok jsing@
|
#
1.4 |
|
11-Aug-2017 |
jsing |
Add doug@'s copyright since he just added code to these two files.
|
#
1.3 |
|
11-Aug-2017 |
doug |
Rewrite the ECPointFormats TLS extension handling using CBB/CBS and the new extension framework.
input + ok jsing@
|
#
1.2 |
|
24-Jul-2017 |
jsing |
Rewrite the TLS Renegotiation Indication extension handling using CBB/CBS and the new extension framework.
Feedback from doug@
ok inoguchi@
|
#
1.1 |
|
16-Jul-2017 |
jsing |
Start rewriting TLS extension handling.
Introduce a TLS extension handling framework that has per-extension type functions to determine if an extension is needed, to build the extension data and parse the extension data. This is somewhat analogous to BoringSSL, however these build and parse functions are intentionally symetrical. The framework is hooked into the existing TLS handling code in such a way that we can gradual convert the extension handling code.
Convert the TLS Server Name Indication extension to the new framework, while rewriting it to use CBB/CBS and be more strict in the process.
Discussed with beck@
ok inoguchi@
|
#
1.29 |
|
03-Jun-2022 |
tb |
Add stubbed out handlers for the pre_shared_key extension
ok jsing
|
#
1.28 |
|
03-Jun-2022 |
tb |
Implement handlers for the psk_key_exchange_modes extensions.
ok jsing
|
Revision tags: OPENBSD_7_1_BASE
|
#
1.27 |
|
01-Nov-2021 |
jsing |
Improve SNI hostname validation.
For some time now we've validated the hostname provided to the server in the SNI extension. Per RFC 6066, an IP literal is invalid as a hostname - the current code rejects IPv6 literals, but allows IPv4 literals through.
Improve this check to explicitly detect both IPv4 and IPv6 literals. Some software has been historically known to include IP literals in SNI, so rather than rejecting this outright (and failing with a decode error), pretend that the SNI extension does not exist (such that we do not break some older clients).
ok inoguchi@ tb@
|
Revision tags: OPENBSD_6_9_BASE OPENBSD_7_0_BASE
|
#
1.26 |
|
11-Oct-2020 |
guenther |
Constipate ssl3_ciphers and tls1[23]_sigalgs*, pushing them into .data.rel.ro and .rodata respectively.
ok tb@ jsing@
|
Revision tags: OPENBSD_6_8_BASE
|
#
1.25 |
|
03-Jul-2020 |
tb |
Make the message type available to the extension functions
Some TLS extensions need to be treated differently depending on the handshake message they appear in. Over time, various workarounds and hacks were used to deal with the unavailability of the message type in these functions, but this is getting fragile and unwieldy. Having the message type available will enable us to clean this code up and will allow simple fixes for a number of bugs in our handling of the status_request extension reported by Michael Forney.
This approach was suggested a while ago by jsing.
ok beck jsing
|
#
1.24 |
|
03-Jul-2020 |
tb |
Improve argument order for the internal tlsext API
Move is_server and msg_type right after the SSL object so that CBS and CBB and alert come last. This brings these functions more in line with other internal functions and separates state from data.
requested by jsing
|
#
1.23 |
|
23-May-2020 |
beck |
Enforce that SNI hostnames be correct as per rfc 6066 and 5980. Correct SNI alerts to differentiate between illegal parameter and an unknown name.
ok tb@`
|
Revision tags: OPENBSD_6_7_BASE
|
#
1.22 |
|
25-Jan-2020 |
jsing |
Correct value for SSL_TLSEXT_MSG_HRR.
ok beck@ tb@
|
Revision tags: OPENBSD_6_5_BASE OPENBSD_6_6_BASE
|
#
1.21 |
|
28-Jan-2019 |
beck |
Add tls_extension_seen(), a utility to know if a particular extension has been seen in the handshake so far. Use it for keyshare. ok tb@
|
#
1.20 |
|
24-Jan-2019 |
beck |
Add server side of versions, keyshare, and client and server of cookie extensions for tls1.3. versions is currently defanged to ignore its result until tls13 server side wired in full, so that server side code still works today when we only support tls 1.2 ok bcook@ tb@ jsing@
|
#
1.19 |
|
23-Jan-2019 |
beck |
revert previous, accidentally contained another diff in addition to the one I intended to commit
|
#
1.18 |
|
23-Jan-2019 |
beck |
Modify sigalgs extension processing for TLS 1.3. - Make a separate sigalgs list for TLS 1.3 including only modern algorithm choices which we use when the handshake will not negotiate TLS 1.2 - Modify the legacy sigalgs for TLS 1.2 to include the RSA PSS algorithms as mandated by RFC8446 when the handshake will permit negotiation of TLS 1.2 ok jsing@ tb@
|
#
1.17 |
|
18-Jan-2019 |
beck |
copyright
|
#
1.16 |
|
18-Jan-2019 |
beck |
Add client side of supported versions and keyshare extensions with basic regress ok jsing@
|
#
1.15 |
|
18-Jan-2019 |
jsing |
Rename TLS extension handling to use less "hello".
When the TLS extension code was rewritten, TLS extensions could only exist in ClientHello and ServerHello messages - as such, they were named in pairs of *_clienthello_{needs,build} which would be called by the client and *_clienthello_parse. Likewise for *_serverhello_{needs,build} which would be called by a server and *_serverhello_parse, which would be called by a client.
Enter TLSv1.3 - TLS extensions can now exist in one of seven messages, with only certain types being allowed to appear in each, meaning the naming scheme no longer works. Instead, rename them to indicate the caller rather than the message type - this effectively means:
clienthello_needs -> client_needs clienthello_build -> client_build clienthello_parse -> server_parse serverhello_needs -> server_needs serverhello_build -> server_build serverhello_parse -> client_parse
ok beck@ tb@
|
#
1.14 |
|
09-Nov-2018 |
jsing |
Add header guards and hidden declarations.
|
#
1.13 |
|
05-Nov-2018 |
jsing |
Rename the TLS Supported Elliptic Curves extension to Supported Groups.
RFC 7919 renamed the Supported Elliptic Curves TLS extension to Supported Groups and redefined it to include finite field DH (FFDH) in addition to elliptic curve DH (ECDH). As such, rename the TLS extension and change the associated code to refer to groups rather than curves.
ok beck@ tb@
|
Revision tags: OPENBSD_6_3_BASE OPENBSD_6_4_BASE
|
#
1.12 |
|
08-Feb-2018 |
jsing |
Complete the TLS extension rewrite on the client-side.
The RI logic gets pulled up into ssl3_get_server_hello() and ssl_parse_serverhello_tlsext() gets replaced by tlsext_client_parse(), which allows a CBS to be passed all the way down.
This also deduplicates the tlsext_client_build() and tlsext_server_build() code.
ok beck@
|
#
1.11 |
|
27-Jan-2018 |
jsing |
Complete the TLS extension handling rewrite for the server-side.
This removes ssl_parse_clienthello_tlsext() and allows the CBS to be passed all the way through from ssl3_get_client_hello(). The renegotation check gets pulled up into ssl3_get_client_hello() which is where other such checks exist.
The TLS extension parsing now also ensures that we do not get duplicates of any known extensions (the old pre-rewrite code only did this for some extensions).
ok inoguchi@
|
Revision tags: OPENBSD_6_2_BASE
|
#
1.10 |
|
27-Aug-2017 |
doug |
Rewrite SRTP extension using CBB/CBS and the new extension framework.
input + ok beck@, jsing@
|
#
1.9 |
|
26-Aug-2017 |
doug |
Rewrite ALPN extension using CBB/CBS and the new extension framework.
ok bcook@ beck@ input + ok jsing@
|
#
1.8 |
|
12-Aug-2017 |
beck |
Rewrite the TLS status request extension to use the new TLS extension framework. ok jsing@
|
#
1.7 |
|
12-Aug-2017 |
jsing |
Convert TLS signature algorithms extension handling to the new framework.
ok beck@ doug@
|
#
1.6 |
|
12-Aug-2017 |
doug |
Rewrite session ticket TLS extension handling using CBB/CBS and the new extension framework.
ok jsing@ beck@
|
#
1.5 |
|
11-Aug-2017 |
doug |
Rewrite EllipticCurves TLS extension handling using CBB/CBS and the new extension framework.
input + ok jsing@
|
#
1.4 |
|
11-Aug-2017 |
jsing |
Add doug@'s copyright since he just added code to these two files.
|
#
1.3 |
|
11-Aug-2017 |
doug |
Rewrite the ECPointFormats TLS extension handling using CBB/CBS and the new extension framework.
input + ok jsing@
|
#
1.2 |
|
24-Jul-2017 |
jsing |
Rewrite the TLS Renegotiation Indication extension handling using CBB/CBS and the new extension framework.
Feedback from doug@
ok inoguchi@
|
#
1.1 |
|
16-Jul-2017 |
jsing |
Start rewriting TLS extension handling.
Introduce a TLS extension handling framework that has per-extension type functions to determine if an extension is needed, to build the extension data and parse the extension data. This is somewhat analogous to BoringSSL, however these build and parse functions are intentionally symetrical. The framework is hooked into the existing TLS handling code in such a way that we can gradual convert the extension handling code.
Convert the TLS Server Name Indication extension to the new framework, while rewriting it to use CBB/CBS and be more strict in the process.
Discussed with beck@
ok inoguchi@
|
#
1.27 |
|
01-Nov-2021 |
jsing |
Improve SNI hostname validation.
For some time now we've validated the hostname provided to the server in the SNI extension. Per RFC 6066, an IP literal is invalid as a hostname - the current code rejects IPv6 literals, but allows IPv4 literals through.
Improve this check to explicitly detect both IPv4 and IPv6 literals. Some software has been historically known to include IP literals in SNI, so rather than rejecting this outright (and failing with a decode error), pretend that the SNI extension does not exist (such that we do not break some older clients).
ok inoguchi@ tb@
|
Revision tags: OPENBSD_6_9_BASE OPENBSD_7_0_BASE
|
#
1.26 |
|
11-Oct-2020 |
guenther |
Constipate ssl3_ciphers and tls1[23]_sigalgs*, pushing them into .data.rel.ro and .rodata respectively.
ok tb@ jsing@
|
Revision tags: OPENBSD_6_8_BASE
|
#
1.25 |
|
03-Jul-2020 |
tb |
Make the message type available to the extension functions
Some TLS extensions need to be treated differently depending on the handshake message they appear in. Over time, various workarounds and hacks were used to deal with the unavailability of the message type in these functions, but this is getting fragile and unwieldy. Having the message type available will enable us to clean this code up and will allow simple fixes for a number of bugs in our handling of the status_request extension reported by Michael Forney.
This approach was suggested a while ago by jsing.
ok beck jsing
|
#
1.24 |
|
03-Jul-2020 |
tb |
Improve argument order for the internal tlsext API
Move is_server and msg_type right after the SSL object so that CBS and CBB and alert come last. This brings these functions more in line with other internal functions and separates state from data.
requested by jsing
|
#
1.23 |
|
23-May-2020 |
beck |
Enforce that SNI hostnames be correct as per rfc 6066 and 5980. Correct SNI alerts to differentiate between illegal parameter and an unknown name.
ok tb@`
|
Revision tags: OPENBSD_6_7_BASE
|
#
1.22 |
|
25-Jan-2020 |
jsing |
Correct value for SSL_TLSEXT_MSG_HRR.
ok beck@ tb@
|
Revision tags: OPENBSD_6_5_BASE OPENBSD_6_6_BASE
|
#
1.21 |
|
28-Jan-2019 |
beck |
Add tls_extension_seen(), a utility to know if a particular extension has been seen in the handshake so far. Use it for keyshare. ok tb@
|
#
1.20 |
|
24-Jan-2019 |
beck |
Add server side of versions, keyshare, and client and server of cookie extensions for tls1.3. versions is currently defanged to ignore its result until tls13 server side wired in full, so that server side code still works today when we only support tls 1.2 ok bcook@ tb@ jsing@
|
#
1.19 |
|
23-Jan-2019 |
beck |
revert previous, accidentally contained another diff in addition to the one I intended to commit
|
#
1.18 |
|
23-Jan-2019 |
beck |
Modify sigalgs extension processing for TLS 1.3. - Make a separate sigalgs list for TLS 1.3 including only modern algorithm choices which we use when the handshake will not negotiate TLS 1.2 - Modify the legacy sigalgs for TLS 1.2 to include the RSA PSS algorithms as mandated by RFC8446 when the handshake will permit negotiation of TLS 1.2 ok jsing@ tb@
|
#
1.17 |
|
18-Jan-2019 |
beck |
copyright
|
#
1.16 |
|
18-Jan-2019 |
beck |
Add client side of supported versions and keyshare extensions with basic regress ok jsing@
|
#
1.15 |
|
18-Jan-2019 |
jsing |
Rename TLS extension handling to use less "hello".
When the TLS extension code was rewritten, TLS extensions could only exist in ClientHello and ServerHello messages - as such, they were named in pairs of *_clienthello_{needs,build} which would be called by the client and *_clienthello_parse. Likewise for *_serverhello_{needs,build} which would be called by a server and *_serverhello_parse, which would be called by a client.
Enter TLSv1.3 - TLS extensions can now exist in one of seven messages, with only certain types being allowed to appear in each, meaning the naming scheme no longer works. Instead, rename them to indicate the caller rather than the message type - this effectively means:
clienthello_needs -> client_needs clienthello_build -> client_build clienthello_parse -> server_parse serverhello_needs -> server_needs serverhello_build -> server_build serverhello_parse -> client_parse
ok beck@ tb@
|
#
1.14 |
|
09-Nov-2018 |
jsing |
Add header guards and hidden declarations.
|
#
1.13 |
|
05-Nov-2018 |
jsing |
Rename the TLS Supported Elliptic Curves extension to Supported Groups.
RFC 7919 renamed the Supported Elliptic Curves TLS extension to Supported Groups and redefined it to include finite field DH (FFDH) in addition to elliptic curve DH (ECDH). As such, rename the TLS extension and change the associated code to refer to groups rather than curves.
ok beck@ tb@
|
Revision tags: OPENBSD_6_3_BASE OPENBSD_6_4_BASE
|
#
1.12 |
|
08-Feb-2018 |
jsing |
Complete the TLS extension rewrite on the client-side.
The RI logic gets pulled up into ssl3_get_server_hello() and ssl_parse_serverhello_tlsext() gets replaced by tlsext_client_parse(), which allows a CBS to be passed all the way down.
This also deduplicates the tlsext_client_build() and tlsext_server_build() code.
ok beck@
|
#
1.11 |
|
27-Jan-2018 |
jsing |
Complete the TLS extension handling rewrite for the server-side.
This removes ssl_parse_clienthello_tlsext() and allows the CBS to be passed all the way through from ssl3_get_client_hello(). The renegotation check gets pulled up into ssl3_get_client_hello() which is where other such checks exist.
The TLS extension parsing now also ensures that we do not get duplicates of any known extensions (the old pre-rewrite code only did this for some extensions).
ok inoguchi@
|
Revision tags: OPENBSD_6_2_BASE
|
#
1.10 |
|
27-Aug-2017 |
doug |
Rewrite SRTP extension using CBB/CBS and the new extension framework.
input + ok beck@, jsing@
|
#
1.9 |
|
26-Aug-2017 |
doug |
Rewrite ALPN extension using CBB/CBS and the new extension framework.
ok bcook@ beck@ input + ok jsing@
|
#
1.8 |
|
12-Aug-2017 |
beck |
Rewrite the TLS status request extension to use the new TLS extension framework. ok jsing@
|
#
1.7 |
|
12-Aug-2017 |
jsing |
Convert TLS signature algorithms extension handling to the new framework.
ok beck@ doug@
|
#
1.6 |
|
12-Aug-2017 |
doug |
Rewrite session ticket TLS extension handling using CBB/CBS and the new extension framework.
ok jsing@ beck@
|
#
1.5 |
|
11-Aug-2017 |
doug |
Rewrite EllipticCurves TLS extension handling using CBB/CBS and the new extension framework.
input + ok jsing@
|
#
1.4 |
|
11-Aug-2017 |
jsing |
Add doug@'s copyright since he just added code to these two files.
|
#
1.3 |
|
11-Aug-2017 |
doug |
Rewrite the ECPointFormats TLS extension handling using CBB/CBS and the new extension framework.
input + ok jsing@
|
#
1.2 |
|
24-Jul-2017 |
jsing |
Rewrite the TLS Renegotiation Indication extension handling using CBB/CBS and the new extension framework.
Feedback from doug@
ok inoguchi@
|
#
1.1 |
|
16-Jul-2017 |
jsing |
Start rewriting TLS extension handling.
Introduce a TLS extension handling framework that has per-extension type functions to determine if an extension is needed, to build the extension data and parse the extension data. This is somewhat analogous to BoringSSL, however these build and parse functions are intentionally symetrical. The framework is hooked into the existing TLS handling code in such a way that we can gradual convert the extension handling code.
Convert the TLS Server Name Indication extension to the new framework, while rewriting it to use CBB/CBS and be more strict in the process.
Discussed with beck@
ok inoguchi@
|
#
1.26 |
|
11-Oct-2020 |
guenther |
Constipate ssl3_ciphers and tls1[23]_sigalgs*, pushing them into .data.rel.ro and .rodata respectively.
ok tb@ jsing@
|
Revision tags: OPENBSD_6_8_BASE
|
#
1.25 |
|
03-Jul-2020 |
tb |
Make the message type available to the extension functions
Some TLS extensions need to be treated differently depending on the handshake message they appear in. Over time, various workarounds and hacks were used to deal with the unavailability of the message type in these functions, but this is getting fragile and unwieldy. Having the message type available will enable us to clean this code up and will allow simple fixes for a number of bugs in our handling of the status_request extension reported by Michael Forney.
This approach was suggested a while ago by jsing.
ok beck jsing
|
#
1.24 |
|
03-Jul-2020 |
tb |
Improve argument order for the internal tlsext API
Move is_server and msg_type right after the SSL object so that CBS and CBB and alert come last. This brings these functions more in line with other internal functions and separates state from data.
requested by jsing
|
#
1.23 |
|
23-May-2020 |
beck |
Enforce that SNI hostnames be correct as per rfc 6066 and 5980. Correct SNI alerts to differentiate between illegal parameter and an unknown name.
ok tb@`
|
Revision tags: OPENBSD_6_7_BASE
|
#
1.22 |
|
25-Jan-2020 |
jsing |
Correct value for SSL_TLSEXT_MSG_HRR.
ok beck@ tb@
|
Revision tags: OPENBSD_6_5_BASE OPENBSD_6_6_BASE
|
#
1.21 |
|
28-Jan-2019 |
beck |
Add tls_extension_seen(), a utility to know if a particular extension has been seen in the handshake so far. Use it for keyshare. ok tb@
|
#
1.20 |
|
24-Jan-2019 |
beck |
Add server side of versions, keyshare, and client and server of cookie extensions for tls1.3. versions is currently defanged to ignore its result until tls13 server side wired in full, so that server side code still works today when we only support tls 1.2 ok bcook@ tb@ jsing@
|
#
1.19 |
|
23-Jan-2019 |
beck |
revert previous, accidentally contained another diff in addition to the one I intended to commit
|
#
1.18 |
|
23-Jan-2019 |
beck |
Modify sigalgs extension processing for TLS 1.3. - Make a separate sigalgs list for TLS 1.3 including only modern algorithm choices which we use when the handshake will not negotiate TLS 1.2 - Modify the legacy sigalgs for TLS 1.2 to include the RSA PSS algorithms as mandated by RFC8446 when the handshake will permit negotiation of TLS 1.2 ok jsing@ tb@
|
#
1.17 |
|
18-Jan-2019 |
beck |
copyright
|
#
1.16 |
|
18-Jan-2019 |
beck |
Add client side of supported versions and keyshare extensions with basic regress ok jsing@
|
#
1.15 |
|
18-Jan-2019 |
jsing |
Rename TLS extension handling to use less "hello".
When the TLS extension code was rewritten, TLS extensions could only exist in ClientHello and ServerHello messages - as such, they were named in pairs of *_clienthello_{needs,build} which would be called by the client and *_clienthello_parse. Likewise for *_serverhello_{needs,build} which would be called by a server and *_serverhello_parse, which would be called by a client.
Enter TLSv1.3 - TLS extensions can now exist in one of seven messages, with only certain types being allowed to appear in each, meaning the naming scheme no longer works. Instead, rename them to indicate the caller rather than the message type - this effectively means:
clienthello_needs -> client_needs clienthello_build -> client_build clienthello_parse -> server_parse serverhello_needs -> server_needs serverhello_build -> server_build serverhello_parse -> client_parse
ok beck@ tb@
|
#
1.14 |
|
09-Nov-2018 |
jsing |
Add header guards and hidden declarations.
|
#
1.13 |
|
05-Nov-2018 |
jsing |
Rename the TLS Supported Elliptic Curves extension to Supported Groups.
RFC 7919 renamed the Supported Elliptic Curves TLS extension to Supported Groups and redefined it to include finite field DH (FFDH) in addition to elliptic curve DH (ECDH). As such, rename the TLS extension and change the associated code to refer to groups rather than curves.
ok beck@ tb@
|
Revision tags: OPENBSD_6_3_BASE OPENBSD_6_4_BASE
|
#
1.12 |
|
08-Feb-2018 |
jsing |
Complete the TLS extension rewrite on the client-side.
The RI logic gets pulled up into ssl3_get_server_hello() and ssl_parse_serverhello_tlsext() gets replaced by tlsext_client_parse(), which allows a CBS to be passed all the way down.
This also deduplicates the tlsext_client_build() and tlsext_server_build() code.
ok beck@
|
#
1.11 |
|
27-Jan-2018 |
jsing |
Complete the TLS extension handling rewrite for the server-side.
This removes ssl_parse_clienthello_tlsext() and allows the CBS to be passed all the way through from ssl3_get_client_hello(). The renegotation check gets pulled up into ssl3_get_client_hello() which is where other such checks exist.
The TLS extension parsing now also ensures that we do not get duplicates of any known extensions (the old pre-rewrite code only did this for some extensions).
ok inoguchi@
|
Revision tags: OPENBSD_6_2_BASE
|
#
1.10 |
|
27-Aug-2017 |
doug |
Rewrite SRTP extension using CBB/CBS and the new extension framework.
input + ok beck@, jsing@
|
#
1.9 |
|
26-Aug-2017 |
doug |
Rewrite ALPN extension using CBB/CBS and the new extension framework.
ok bcook@ beck@ input + ok jsing@
|
#
1.8 |
|
12-Aug-2017 |
beck |
Rewrite the TLS status request extension to use the new TLS extension framework. ok jsing@
|
#
1.7 |
|
12-Aug-2017 |
jsing |
Convert TLS signature algorithms extension handling to the new framework.
ok beck@ doug@
|
#
1.6 |
|
12-Aug-2017 |
doug |
Rewrite session ticket TLS extension handling using CBB/CBS and the new extension framework.
ok jsing@ beck@
|
#
1.5 |
|
11-Aug-2017 |
doug |
Rewrite EllipticCurves TLS extension handling using CBB/CBS and the new extension framework.
input + ok jsing@
|
#
1.4 |
|
11-Aug-2017 |
jsing |
Add doug@'s copyright since he just added code to these two files.
|
#
1.3 |
|
11-Aug-2017 |
doug |
Rewrite the ECPointFormats TLS extension handling using CBB/CBS and the new extension framework.
input + ok jsing@
|
#
1.2 |
|
24-Jul-2017 |
jsing |
Rewrite the TLS Renegotiation Indication extension handling using CBB/CBS and the new extension framework.
Feedback from doug@
ok inoguchi@
|
#
1.1 |
|
16-Jul-2017 |
jsing |
Start rewriting TLS extension handling.
Introduce a TLS extension handling framework that has per-extension type functions to determine if an extension is needed, to build the extension data and parse the extension data. This is somewhat analogous to BoringSSL, however these build and parse functions are intentionally symetrical. The framework is hooked into the existing TLS handling code in such a way that we can gradual convert the extension handling code.
Convert the TLS Server Name Indication extension to the new framework, while rewriting it to use CBB/CBS and be more strict in the process.
Discussed with beck@
ok inoguchi@
|
#
1.25 |
|
03-Jul-2020 |
tb |
Make the message type available to the extension functions
Some TLS extensions need to be treated differently depending on the handshake message they appear in. Over time, various workarounds and hacks were used to deal with the unavailability of the message type in these functions, but this is getting fragile and unwieldy. Having the message type available will enable us to clean this code up and will allow simple fixes for a number of bugs in our handling of the status_request extension reported by Michael Forney.
This approach was suggested a while ago by jsing.
ok beck jsing
|
#
1.24 |
|
03-Jul-2020 |
tb |
Improve argument order for the internal tlsext API
Move is_server and msg_type right after the SSL object so that CBS and CBB and alert come last. This brings these functions more in line with other internal functions and separates state from data.
requested by jsing
|
#
1.23 |
|
23-May-2020 |
beck |
Enforce that SNI hostnames be correct as per rfc 6066 and 5980. Correct SNI alerts to differentiate between illegal parameter and an unknown name.
ok tb@`
|
Revision tags: OPENBSD_6_7_BASE
|
#
1.22 |
|
25-Jan-2020 |
jsing |
Correct value for SSL_TLSEXT_MSG_HRR.
ok beck@ tb@
|
Revision tags: OPENBSD_6_5_BASE OPENBSD_6_6_BASE
|
#
1.21 |
|
28-Jan-2019 |
beck |
Add tls_extension_seen(), a utility to know if a particular extension has been seen in the handshake so far. Use it for keyshare. ok tb@
|
#
1.20 |
|
24-Jan-2019 |
beck |
Add server side of versions, keyshare, and client and server of cookie extensions for tls1.3. versions is currently defanged to ignore its result until tls13 server side wired in full, so that server side code still works today when we only support tls 1.2 ok bcook@ tb@ jsing@
|
#
1.19 |
|
23-Jan-2019 |
beck |
revert previous, accidentally contained another diff in addition to the one I intended to commit
|
#
1.18 |
|
23-Jan-2019 |
beck |
Modify sigalgs extension processing for TLS 1.3. - Make a separate sigalgs list for TLS 1.3 including only modern algorithm choices which we use when the handshake will not negotiate TLS 1.2 - Modify the legacy sigalgs for TLS 1.2 to include the RSA PSS algorithms as mandated by RFC8446 when the handshake will permit negotiation of TLS 1.2 ok jsing@ tb@
|
#
1.17 |
|
18-Jan-2019 |
beck |
copyright
|
#
1.16 |
|
18-Jan-2019 |
beck |
Add client side of supported versions and keyshare extensions with basic regress ok jsing@
|
#
1.15 |
|
18-Jan-2019 |
jsing |
Rename TLS extension handling to use less "hello".
When the TLS extension code was rewritten, TLS extensions could only exist in ClientHello and ServerHello messages - as such, they were named in pairs of *_clienthello_{needs,build} which would be called by the client and *_clienthello_parse. Likewise for *_serverhello_{needs,build} which would be called by a server and *_serverhello_parse, which would be called by a client.
Enter TLSv1.3 - TLS extensions can now exist in one of seven messages, with only certain types being allowed to appear in each, meaning the naming scheme no longer works. Instead, rename them to indicate the caller rather than the message type - this effectively means:
clienthello_needs -> client_needs clienthello_build -> client_build clienthello_parse -> server_parse serverhello_needs -> server_needs serverhello_build -> server_build serverhello_parse -> client_parse
ok beck@ tb@
|
#
1.14 |
|
09-Nov-2018 |
jsing |
Add header guards and hidden declarations.
|
#
1.13 |
|
05-Nov-2018 |
jsing |
Rename the TLS Supported Elliptic Curves extension to Supported Groups.
RFC 7919 renamed the Supported Elliptic Curves TLS extension to Supported Groups and redefined it to include finite field DH (FFDH) in addition to elliptic curve DH (ECDH). As such, rename the TLS extension and change the associated code to refer to groups rather than curves.
ok beck@ tb@
|
Revision tags: OPENBSD_6_3_BASE OPENBSD_6_4_BASE
|
#
1.12 |
|
08-Feb-2018 |
jsing |
Complete the TLS extension rewrite on the client-side.
The RI logic gets pulled up into ssl3_get_server_hello() and ssl_parse_serverhello_tlsext() gets replaced by tlsext_client_parse(), which allows a CBS to be passed all the way down.
This also deduplicates the tlsext_client_build() and tlsext_server_build() code.
ok beck@
|
#
1.11 |
|
27-Jan-2018 |
jsing |
Complete the TLS extension handling rewrite for the server-side.
This removes ssl_parse_clienthello_tlsext() and allows the CBS to be passed all the way through from ssl3_get_client_hello(). The renegotation check gets pulled up into ssl3_get_client_hello() which is where other such checks exist.
The TLS extension parsing now also ensures that we do not get duplicates of any known extensions (the old pre-rewrite code only did this for some extensions).
ok inoguchi@
|
Revision tags: OPENBSD_6_2_BASE
|
#
1.10 |
|
27-Aug-2017 |
doug |
Rewrite SRTP extension using CBB/CBS and the new extension framework.
input + ok beck@, jsing@
|
#
1.9 |
|
26-Aug-2017 |
doug |
Rewrite ALPN extension using CBB/CBS and the new extension framework.
ok bcook@ beck@ input + ok jsing@
|
#
1.8 |
|
12-Aug-2017 |
beck |
Rewrite the TLS status request extension to use the new TLS extension framework. ok jsing@
|
#
1.7 |
|
12-Aug-2017 |
jsing |
Convert TLS signature algorithms extension handling to the new framework.
ok beck@ doug@
|
#
1.6 |
|
12-Aug-2017 |
doug |
Rewrite session ticket TLS extension handling using CBB/CBS and the new extension framework.
ok jsing@ beck@
|
#
1.5 |
|
11-Aug-2017 |
doug |
Rewrite EllipticCurves TLS extension handling using CBB/CBS and the new extension framework.
input + ok jsing@
|
#
1.4 |
|
11-Aug-2017 |
jsing |
Add doug@'s copyright since he just added code to these two files.
|
#
1.3 |
|
11-Aug-2017 |
doug |
Rewrite the ECPointFormats TLS extension handling using CBB/CBS and the new extension framework.
input + ok jsing@
|
#
1.2 |
|
24-Jul-2017 |
jsing |
Rewrite the TLS Renegotiation Indication extension handling using CBB/CBS and the new extension framework.
Feedback from doug@
ok inoguchi@
|
#
1.1 |
|
16-Jul-2017 |
jsing |
Start rewriting TLS extension handling.
Introduce a TLS extension handling framework that has per-extension type functions to determine if an extension is needed, to build the extension data and parse the extension data. This is somewhat analogous to BoringSSL, however these build and parse functions are intentionally symetrical. The framework is hooked into the existing TLS handling code in such a way that we can gradual convert the extension handling code.
Convert the TLS Server Name Indication extension to the new framework, while rewriting it to use CBB/CBS and be more strict in the process.
Discussed with beck@
ok inoguchi@
|
#
1.23 |
|
23-May-2020 |
beck |
Enforce that SNI hostnames be correct as per rfc 6066 and 5980. Correct SNI alerts to differentiate between illegal parameter and an unknown name.
ok tb@`
|
Revision tags: OPENBSD_6_7_BASE
|
#
1.22 |
|
25-Jan-2020 |
jsing |
Correct value for SSL_TLSEXT_MSG_HRR.
ok beck@ tb@
|
Revision tags: OPENBSD_6_5_BASE OPENBSD_6_6_BASE
|
#
1.21 |
|
28-Jan-2019 |
beck |
Add tls_extension_seen(), a utility to know if a particular extension has been seen in the handshake so far. Use it for keyshare. ok tb@
|
#
1.20 |
|
24-Jan-2019 |
beck |
Add server side of versions, keyshare, and client and server of cookie extensions for tls1.3. versions is currently defanged to ignore its result until tls13 server side wired in full, so that server side code still works today when we only support tls 1.2 ok bcook@ tb@ jsing@
|
#
1.19 |
|
23-Jan-2019 |
beck |
revert previous, accidentally contained another diff in addition to the one I intended to commit
|
#
1.18 |
|
23-Jan-2019 |
beck |
Modify sigalgs extension processing for TLS 1.3. - Make a separate sigalgs list for TLS 1.3 including only modern algorithm choices which we use when the handshake will not negotiate TLS 1.2 - Modify the legacy sigalgs for TLS 1.2 to include the RSA PSS algorithms as mandated by RFC8446 when the handshake will permit negotiation of TLS 1.2 ok jsing@ tb@
|
#
1.17 |
|
18-Jan-2019 |
beck |
copyright
|
#
1.16 |
|
18-Jan-2019 |
beck |
Add client side of supported versions and keyshare extensions with basic regress ok jsing@
|
#
1.15 |
|
18-Jan-2019 |
jsing |
Rename TLS extension handling to use less "hello".
When the TLS extension code was rewritten, TLS extensions could only exist in ClientHello and ServerHello messages - as such, they were named in pairs of *_clienthello_{needs,build} which would be called by the client and *_clienthello_parse. Likewise for *_serverhello_{needs,build} which would be called by a server and *_serverhello_parse, which would be called by a client.
Enter TLSv1.3 - TLS extensions can now exist in one of seven messages, with only certain types being allowed to appear in each, meaning the naming scheme no longer works. Instead, rename them to indicate the caller rather than the message type - this effectively means:
clienthello_needs -> client_needs clienthello_build -> client_build clienthello_parse -> server_parse serverhello_needs -> server_needs serverhello_build -> server_build serverhello_parse -> client_parse
ok beck@ tb@
|
#
1.14 |
|
09-Nov-2018 |
jsing |
Add header guards and hidden declarations.
|
#
1.13 |
|
05-Nov-2018 |
jsing |
Rename the TLS Supported Elliptic Curves extension to Supported Groups.
RFC 7919 renamed the Supported Elliptic Curves TLS extension to Supported Groups and redefined it to include finite field DH (FFDH) in addition to elliptic curve DH (ECDH). As such, rename the TLS extension and change the associated code to refer to groups rather than curves.
ok beck@ tb@
|
Revision tags: OPENBSD_6_3_BASE OPENBSD_6_4_BASE
|
#
1.12 |
|
08-Feb-2018 |
jsing |
Complete the TLS extension rewrite on the client-side.
The RI logic gets pulled up into ssl3_get_server_hello() and ssl_parse_serverhello_tlsext() gets replaced by tlsext_client_parse(), which allows a CBS to be passed all the way down.
This also deduplicates the tlsext_client_build() and tlsext_server_build() code.
ok beck@
|
#
1.11 |
|
27-Jan-2018 |
jsing |
Complete the TLS extension handling rewrite for the server-side.
This removes ssl_parse_clienthello_tlsext() and allows the CBS to be passed all the way through from ssl3_get_client_hello(). The renegotation check gets pulled up into ssl3_get_client_hello() which is where other such checks exist.
The TLS extension parsing now also ensures that we do not get duplicates of any known extensions (the old pre-rewrite code only did this for some extensions).
ok inoguchi@
|
Revision tags: OPENBSD_6_2_BASE
|
#
1.10 |
|
27-Aug-2017 |
doug |
Rewrite SRTP extension using CBB/CBS and the new extension framework.
input + ok beck@, jsing@
|
#
1.9 |
|
26-Aug-2017 |
doug |
Rewrite ALPN extension using CBB/CBS and the new extension framework.
ok bcook@ beck@ input + ok jsing@
|
#
1.8 |
|
12-Aug-2017 |
beck |
Rewrite the TLS status request extension to use the new TLS extension framework. ok jsing@
|
#
1.7 |
|
12-Aug-2017 |
jsing |
Convert TLS signature algorithms extension handling to the new framework.
ok beck@ doug@
|
#
1.6 |
|
12-Aug-2017 |
doug |
Rewrite session ticket TLS extension handling using CBB/CBS and the new extension framework.
ok jsing@ beck@
|
#
1.5 |
|
11-Aug-2017 |
doug |
Rewrite EllipticCurves TLS extension handling using CBB/CBS and the new extension framework.
input + ok jsing@
|
#
1.4 |
|
11-Aug-2017 |
jsing |
Add doug@'s copyright since he just added code to these two files.
|
#
1.3 |
|
11-Aug-2017 |
doug |
Rewrite the ECPointFormats TLS extension handling using CBB/CBS and the new extension framework.
input + ok jsing@
|
#
1.2 |
|
24-Jul-2017 |
jsing |
Rewrite the TLS Renegotiation Indication extension handling using CBB/CBS and the new extension framework.
Feedback from doug@
ok inoguchi@
|
#
1.1 |
|
16-Jul-2017 |
jsing |
Start rewriting TLS extension handling.
Introduce a TLS extension handling framework that has per-extension type functions to determine if an extension is needed, to build the extension data and parse the extension data. This is somewhat analogous to BoringSSL, however these build and parse functions are intentionally symetrical. The framework is hooked into the existing TLS handling code in such a way that we can gradual convert the extension handling code.
Convert the TLS Server Name Indication extension to the new framework, while rewriting it to use CBB/CBS and be more strict in the process.
Discussed with beck@
ok inoguchi@
|
#
1.22 |
|
25-Jan-2020 |
jsing |
Correct value for SSL_TLSEXT_MSG_HRR.
ok beck@ tb@
|
Revision tags: OPENBSD_6_5_BASE OPENBSD_6_6_BASE
|
#
1.21 |
|
28-Jan-2019 |
beck |
Add tls_extension_seen(), a utility to know if a particular extension has been seen in the handshake so far. Use it for keyshare. ok tb@
|
#
1.20 |
|
24-Jan-2019 |
beck |
Add server side of versions, keyshare, and client and server of cookie extensions for tls1.3. versions is currently defanged to ignore its result until tls13 server side wired in full, so that server side code still works today when we only support tls 1.2 ok bcook@ tb@ jsing@
|
#
1.19 |
|
23-Jan-2019 |
beck |
revert previous, accidentally contained another diff in addition to the one I intended to commit
|
#
1.18 |
|
23-Jan-2019 |
beck |
Modify sigalgs extension processing for TLS 1.3. - Make a separate sigalgs list for TLS 1.3 including only modern algorithm choices which we use when the handshake will not negotiate TLS 1.2 - Modify the legacy sigalgs for TLS 1.2 to include the RSA PSS algorithms as mandated by RFC8446 when the handshake will permit negotiation of TLS 1.2 ok jsing@ tb@
|
#
1.17 |
|
18-Jan-2019 |
beck |
copyright
|
#
1.16 |
|
18-Jan-2019 |
beck |
Add client side of supported versions and keyshare extensions with basic regress ok jsing@
|
#
1.15 |
|
18-Jan-2019 |
jsing |
Rename TLS extension handling to use less "hello".
When the TLS extension code was rewritten, TLS extensions could only exist in ClientHello and ServerHello messages - as such, they were named in pairs of *_clienthello_{needs,build} which would be called by the client and *_clienthello_parse. Likewise for *_serverhello_{needs,build} which would be called by a server and *_serverhello_parse, which would be called by a client.
Enter TLSv1.3 - TLS extensions can now exist in one of seven messages, with only certain types being allowed to appear in each, meaning the naming scheme no longer works. Instead, rename them to indicate the caller rather than the message type - this effectively means:
clienthello_needs -> client_needs clienthello_build -> client_build clienthello_parse -> server_parse serverhello_needs -> server_needs serverhello_build -> server_build serverhello_parse -> client_parse
ok beck@ tb@
|
#
1.14 |
|
09-Nov-2018 |
jsing |
Add header guards and hidden declarations.
|
#
1.13 |
|
05-Nov-2018 |
jsing |
Rename the TLS Supported Elliptic Curves extension to Supported Groups.
RFC 7919 renamed the Supported Elliptic Curves TLS extension to Supported Groups and redefined it to include finite field DH (FFDH) in addition to elliptic curve DH (ECDH). As such, rename the TLS extension and change the associated code to refer to groups rather than curves.
ok beck@ tb@
|
Revision tags: OPENBSD_6_3_BASE OPENBSD_6_4_BASE
|
#
1.12 |
|
08-Feb-2018 |
jsing |
Complete the TLS extension rewrite on the client-side.
The RI logic gets pulled up into ssl3_get_server_hello() and ssl_parse_serverhello_tlsext() gets replaced by tlsext_client_parse(), which allows a CBS to be passed all the way down.
This also deduplicates the tlsext_client_build() and tlsext_server_build() code.
ok beck@
|
#
1.11 |
|
27-Jan-2018 |
jsing |
Complete the TLS extension handling rewrite for the server-side.
This removes ssl_parse_clienthello_tlsext() and allows the CBS to be passed all the way through from ssl3_get_client_hello(). The renegotation check gets pulled up into ssl3_get_client_hello() which is where other such checks exist.
The TLS extension parsing now also ensures that we do not get duplicates of any known extensions (the old pre-rewrite code only did this for some extensions).
ok inoguchi@
|
Revision tags: OPENBSD_6_2_BASE
|
#
1.10 |
|
27-Aug-2017 |
doug |
Rewrite SRTP extension using CBB/CBS and the new extension framework.
input + ok beck@, jsing@
|
#
1.9 |
|
26-Aug-2017 |
doug |
Rewrite ALPN extension using CBB/CBS and the new extension framework.
ok bcook@ beck@ input + ok jsing@
|
#
1.8 |
|
12-Aug-2017 |
beck |
Rewrite the TLS status request extension to use the new TLS extension framework. ok jsing@
|
#
1.7 |
|
12-Aug-2017 |
jsing |
Convert TLS signature algorithms extension handling to the new framework.
ok beck@ doug@
|
#
1.6 |
|
12-Aug-2017 |
doug |
Rewrite session ticket TLS extension handling using CBB/CBS and the new extension framework.
ok jsing@ beck@
|
#
1.5 |
|
11-Aug-2017 |
doug |
Rewrite EllipticCurves TLS extension handling using CBB/CBS and the new extension framework.
input + ok jsing@
|
#
1.4 |
|
11-Aug-2017 |
jsing |
Add doug@'s copyright since he just added code to these two files.
|
#
1.3 |
|
11-Aug-2017 |
doug |
Rewrite the ECPointFormats TLS extension handling using CBB/CBS and the new extension framework.
input + ok jsing@
|
#
1.2 |
|
24-Jul-2017 |
jsing |
Rewrite the TLS Renegotiation Indication extension handling using CBB/CBS and the new extension framework.
Feedback from doug@
ok inoguchi@
|
#
1.1 |
|
16-Jul-2017 |
jsing |
Start rewriting TLS extension handling.
Introduce a TLS extension handling framework that has per-extension type functions to determine if an extension is needed, to build the extension data and parse the extension data. This is somewhat analogous to BoringSSL, however these build and parse functions are intentionally symetrical. The framework is hooked into the existing TLS handling code in such a way that we can gradual convert the extension handling code.
Convert the TLS Server Name Indication extension to the new framework, while rewriting it to use CBB/CBS and be more strict in the process.
Discussed with beck@
ok inoguchi@
|
#
1.21 |
|
28-Jan-2019 |
beck |
Add tls_extension_seen(), a utility to know if a particular extension has been seen in the handshake so far. Use it for keyshare. ok tb@
|
#
1.20 |
|
24-Jan-2019 |
beck |
Add server side of versions, keyshare, and client and server of cookie extensions for tls1.3. versions is currently defanged to ignore its result until tls13 server side wired in full, so that server side code still works today when we only support tls 1.2 ok bcook@ tb@ jsing@
|
#
1.19 |
|
23-Jan-2019 |
beck |
revert previous, accidentally contained another diff in addition to the one I intended to commit
|
#
1.18 |
|
23-Jan-2019 |
beck |
Modify sigalgs extension processing for TLS 1.3. - Make a separate sigalgs list for TLS 1.3 including only modern algorithm choices which we use when the handshake will not negotiate TLS 1.2 - Modify the legacy sigalgs for TLS 1.2 to include the RSA PSS algorithms as mandated by RFC8446 when the handshake will permit negotiation of TLS 1.2 ok jsing@ tb@
|
#
1.17 |
|
18-Jan-2019 |
beck |
copyright
|
#
1.16 |
|
18-Jan-2019 |
beck |
Add client side of supported versions and keyshare extensions with basic regress ok jsing@
|
#
1.15 |
|
18-Jan-2019 |
jsing |
Rename TLS extension handling to use less "hello".
When the TLS extension code was rewritten, TLS extensions could only exist in ClientHello and ServerHello messages - as such, they were named in pairs of *_clienthello_{needs,build} which would be called by the client and *_clienthello_parse. Likewise for *_serverhello_{needs,build} which would be called by a server and *_serverhello_parse, which would be called by a client.
Enter TLSv1.3 - TLS extensions can now exist in one of seven messages, with only certain types being allowed to appear in each, meaning the naming scheme no longer works. Instead, rename them to indicate the caller rather than the message type - this effectively means:
clienthello_needs -> client_needs clienthello_build -> client_build clienthello_parse -> server_parse serverhello_needs -> server_needs serverhello_build -> server_build serverhello_parse -> client_parse
ok beck@ tb@
|
#
1.14 |
|
09-Nov-2018 |
jsing |
Add header guards and hidden declarations.
|
#
1.13 |
|
05-Nov-2018 |
jsing |
Rename the TLS Supported Elliptic Curves extension to Supported Groups.
RFC 7919 renamed the Supported Elliptic Curves TLS extension to Supported Groups and redefined it to include finite field DH (FFDH) in addition to elliptic curve DH (ECDH). As such, rename the TLS extension and change the associated code to refer to groups rather than curves.
ok beck@ tb@
|
Revision tags: OPENBSD_6_3_BASE OPENBSD_6_4_BASE
|
#
1.12 |
|
08-Feb-2018 |
jsing |
Complete the TLS extension rewrite on the client-side.
The RI logic gets pulled up into ssl3_get_server_hello() and ssl_parse_serverhello_tlsext() gets replaced by tlsext_client_parse(), which allows a CBS to be passed all the way down.
This also deduplicates the tlsext_client_build() and tlsext_server_build() code.
ok beck@
|
#
1.11 |
|
27-Jan-2018 |
jsing |
Complete the TLS extension handling rewrite for the server-side.
This removes ssl_parse_clienthello_tlsext() and allows the CBS to be passed all the way through from ssl3_get_client_hello(). The renegotation check gets pulled up into ssl3_get_client_hello() which is where other such checks exist.
The TLS extension parsing now also ensures that we do not get duplicates of any known extensions (the old pre-rewrite code only did this for some extensions).
ok inoguchi@
|
Revision tags: OPENBSD_6_2_BASE
|
#
1.10 |
|
27-Aug-2017 |
doug |
Rewrite SRTP extension using CBB/CBS and the new extension framework.
input + ok beck@, jsing@
|
#
1.9 |
|
26-Aug-2017 |
doug |
Rewrite ALPN extension using CBB/CBS and the new extension framework.
ok bcook@ beck@ input + ok jsing@
|
#
1.8 |
|
12-Aug-2017 |
beck |
Rewrite the TLS status request extension to use the new TLS extension framework. ok jsing@
|
#
1.7 |
|
12-Aug-2017 |
jsing |
Convert TLS signature algorithms extension handling to the new framework.
ok beck@ doug@
|
#
1.6 |
|
12-Aug-2017 |
doug |
Rewrite session ticket TLS extension handling using CBB/CBS and the new extension framework.
ok jsing@ beck@
|
#
1.5 |
|
11-Aug-2017 |
doug |
Rewrite EllipticCurves TLS extension handling using CBB/CBS and the new extension framework.
input + ok jsing@
|
#
1.4 |
|
11-Aug-2017 |
jsing |
Add doug@'s copyright since he just added code to these two files.
|
#
1.3 |
|
11-Aug-2017 |
doug |
Rewrite the ECPointFormats TLS extension handling using CBB/CBS and the new extension framework.
input + ok jsing@
|
#
1.2 |
|
24-Jul-2017 |
jsing |
Rewrite the TLS Renegotiation Indication extension handling using CBB/CBS and the new extension framework.
Feedback from doug@
ok inoguchi@
|
#
1.1 |
|
16-Jul-2017 |
jsing |
Start rewriting TLS extension handling.
Introduce a TLS extension handling framework that has per-extension type functions to determine if an extension is needed, to build the extension data and parse the extension data. This is somewhat analogous to BoringSSL, however these build and parse functions are intentionally symetrical. The framework is hooked into the existing TLS handling code in such a way that we can gradual convert the extension handling code.
Convert the TLS Server Name Indication extension to the new framework, while rewriting it to use CBB/CBS and be more strict in the process.
Discussed with beck@
ok inoguchi@
|
#
1.20 |
|
24-Jan-2019 |
beck |
Add server side of versions, keyshare, and client and server of cookie extensions for tls1.3. versions is currently defanged to ignore its result until tls13 server side wired in full, so that server side code still works today when we only support tls 1.2 ok bcook@ tb@ jsing@
|
#
1.19 |
|
23-Jan-2019 |
beck |
revert previous, accidentally contained another diff in addition to the one I intended to commit
|
#
1.18 |
|
23-Jan-2019 |
beck |
Modify sigalgs extension processing for TLS 1.3. - Make a separate sigalgs list for TLS 1.3 including only modern algorithm choices which we use when the handshake will not negotiate TLS 1.2 - Modify the legacy sigalgs for TLS 1.2 to include the RSA PSS algorithms as mandated by RFC8446 when the handshake will permit negotiation of TLS 1.2 ok jsing@ tb@
|
#
1.17 |
|
18-Jan-2019 |
beck |
copyright
|
#
1.16 |
|
18-Jan-2019 |
beck |
Add client side of supported versions and keyshare extensions with basic regress ok jsing@
|
#
1.15 |
|
18-Jan-2019 |
jsing |
Rename TLS extension handling to use less "hello".
When the TLS extension code was rewritten, TLS extensions could only exist in ClientHello and ServerHello messages - as such, they were named in pairs of *_clienthello_{needs,build} which would be called by the client and *_clienthello_parse. Likewise for *_serverhello_{needs,build} which would be called by a server and *_serverhello_parse, which would be called by a client.
Enter TLSv1.3 - TLS extensions can now exist in one of seven messages, with only certain types being allowed to appear in each, meaning the naming scheme no longer works. Instead, rename them to indicate the caller rather than the message type - this effectively means:
clienthello_needs -> client_needs clienthello_build -> client_build clienthello_parse -> server_parse serverhello_needs -> server_needs serverhello_build -> server_build serverhello_parse -> client_parse
ok beck@ tb@
|
#
1.14 |
|
09-Nov-2018 |
jsing |
Add header guards and hidden declarations.
|
#
1.13 |
|
05-Nov-2018 |
jsing |
Rename the TLS Supported Elliptic Curves extension to Supported Groups.
RFC 7919 renamed the Supported Elliptic Curves TLS extension to Supported Groups and redefined it to include finite field DH (FFDH) in addition to elliptic curve DH (ECDH). As such, rename the TLS extension and change the associated code to refer to groups rather than curves.
ok beck@ tb@
|
Revision tags: OPENBSD_6_3_BASE OPENBSD_6_4_BASE
|
#
1.12 |
|
08-Feb-2018 |
jsing |
Complete the TLS extension rewrite on the client-side.
The RI logic gets pulled up into ssl3_get_server_hello() and ssl_parse_serverhello_tlsext() gets replaced by tlsext_client_parse(), which allows a CBS to be passed all the way down.
This also deduplicates the tlsext_client_build() and tlsext_server_build() code.
ok beck@
|
#
1.11 |
|
27-Jan-2018 |
jsing |
Complete the TLS extension handling rewrite for the server-side.
This removes ssl_parse_clienthello_tlsext() and allows the CBS to be passed all the way through from ssl3_get_client_hello(). The renegotation check gets pulled up into ssl3_get_client_hello() which is where other such checks exist.
The TLS extension parsing now also ensures that we do not get duplicates of any known extensions (the old pre-rewrite code only did this for some extensions).
ok inoguchi@
|
Revision tags: OPENBSD_6_2_BASE
|
#
1.10 |
|
27-Aug-2017 |
doug |
Rewrite SRTP extension using CBB/CBS and the new extension framework.
input + ok beck@, jsing@
|
#
1.9 |
|
26-Aug-2017 |
doug |
Rewrite ALPN extension using CBB/CBS and the new extension framework.
ok bcook@ beck@ input + ok jsing@
|
#
1.8 |
|
12-Aug-2017 |
beck |
Rewrite the TLS status request extension to use the new TLS extension framework. ok jsing@
|
#
1.7 |
|
12-Aug-2017 |
jsing |
Convert TLS signature algorithms extension handling to the new framework.
ok beck@ doug@
|
#
1.6 |
|
12-Aug-2017 |
doug |
Rewrite session ticket TLS extension handling using CBB/CBS and the new extension framework.
ok jsing@ beck@
|
#
1.5 |
|
11-Aug-2017 |
doug |
Rewrite EllipticCurves TLS extension handling using CBB/CBS and the new extension framework.
input + ok jsing@
|
#
1.4 |
|
11-Aug-2017 |
jsing |
Add doug@'s copyright since he just added code to these two files.
|
#
1.3 |
|
11-Aug-2017 |
doug |
Rewrite the ECPointFormats TLS extension handling using CBB/CBS and the new extension framework.
input + ok jsing@
|
#
1.2 |
|
24-Jul-2017 |
jsing |
Rewrite the TLS Renegotiation Indication extension handling using CBB/CBS and the new extension framework.
Feedback from doug@
ok inoguchi@
|
#
1.1 |
|
16-Jul-2017 |
jsing |
Start rewriting TLS extension handling.
Introduce a TLS extension handling framework that has per-extension type functions to determine if an extension is needed, to build the extension data and parse the extension data. This is somewhat analogous to BoringSSL, however these build and parse functions are intentionally symetrical. The framework is hooked into the existing TLS handling code in such a way that we can gradual convert the extension handling code.
Convert the TLS Server Name Indication extension to the new framework, while rewriting it to use CBB/CBS and be more strict in the process.
Discussed with beck@
ok inoguchi@
|
#
1.17 |
|
18-Jan-2019 |
beck |
copyright
|
#
1.16 |
|
18-Jan-2019 |
beck |
Add client side of supported versions and keyshare extensions with basic regress ok jsing@
|
#
1.15 |
|
18-Jan-2019 |
jsing |
Rename TLS extension handling to use less "hello".
When the TLS extension code was rewritten, TLS extensions could only exist in ClientHello and ServerHello messages - as such, they were named in pairs of *_clienthello_{needs,build} which would be called by the client and *_clienthello_parse. Likewise for *_serverhello_{needs,build} which would be called by a server and *_serverhello_parse, which would be called by a client.
Enter TLSv1.3 - TLS extensions can now exist in one of seven messages, with only certain types being allowed to appear in each, meaning the naming scheme no longer works. Instead, rename them to indicate the caller rather than the message type - this effectively means:
clienthello_needs -> client_needs clienthello_build -> client_build clienthello_parse -> server_parse serverhello_needs -> server_needs serverhello_build -> server_build serverhello_parse -> client_parse
ok beck@ tb@
|
#
1.14 |
|
09-Nov-2018 |
jsing |
Add header guards and hidden declarations.
|
#
1.13 |
|
05-Nov-2018 |
jsing |
Rename the TLS Supported Elliptic Curves extension to Supported Groups.
RFC 7919 renamed the Supported Elliptic Curves TLS extension to Supported Groups and redefined it to include finite field DH (FFDH) in addition to elliptic curve DH (ECDH). As such, rename the TLS extension and change the associated code to refer to groups rather than curves.
ok beck@ tb@
|
Revision tags: OPENBSD_6_3_BASE OPENBSD_6_4_BASE
|
#
1.12 |
|
08-Feb-2018 |
jsing |
Complete the TLS extension rewrite on the client-side.
The RI logic gets pulled up into ssl3_get_server_hello() and ssl_parse_serverhello_tlsext() gets replaced by tlsext_client_parse(), which allows a CBS to be passed all the way down.
This also deduplicates the tlsext_client_build() and tlsext_server_build() code.
ok beck@
|
#
1.11 |
|
27-Jan-2018 |
jsing |
Complete the TLS extension handling rewrite for the server-side.
This removes ssl_parse_clienthello_tlsext() and allows the CBS to be passed all the way through from ssl3_get_client_hello(). The renegotation check gets pulled up into ssl3_get_client_hello() which is where other such checks exist.
The TLS extension parsing now also ensures that we do not get duplicates of any known extensions (the old pre-rewrite code only did this for some extensions).
ok inoguchi@
|
Revision tags: OPENBSD_6_2_BASE
|
#
1.10 |
|
27-Aug-2017 |
doug |
Rewrite SRTP extension using CBB/CBS and the new extension framework.
input + ok beck@, jsing@
|
#
1.9 |
|
26-Aug-2017 |
doug |
Rewrite ALPN extension using CBB/CBS and the new extension framework.
ok bcook@ beck@ input + ok jsing@
|
#
1.8 |
|
12-Aug-2017 |
beck |
Rewrite the TLS status request extension to use the new TLS extension framework. ok jsing@
|
#
1.7 |
|
12-Aug-2017 |
jsing |
Convert TLS signature algorithms extension handling to the new framework.
ok beck@ doug@
|
#
1.6 |
|
12-Aug-2017 |
doug |
Rewrite session ticket TLS extension handling using CBB/CBS and the new extension framework.
ok jsing@ beck@
|
#
1.5 |
|
11-Aug-2017 |
doug |
Rewrite EllipticCurves TLS extension handling using CBB/CBS and the new extension framework.
input + ok jsing@
|
#
1.4 |
|
11-Aug-2017 |
jsing |
Add doug@'s copyright since he just added code to these two files.
|
#
1.3 |
|
11-Aug-2017 |
doug |
Rewrite the ECPointFormats TLS extension handling using CBB/CBS and the new extension framework.
input + ok jsing@
|
#
1.2 |
|
24-Jul-2017 |
jsing |
Rewrite the TLS Renegotiation Indication extension handling using CBB/CBS and the new extension framework.
Feedback from doug@
ok inoguchi@
|
#
1.1 |
|
16-Jul-2017 |
jsing |
Start rewriting TLS extension handling.
Introduce a TLS extension handling framework that has per-extension type functions to determine if an extension is needed, to build the extension data and parse the extension data. This is somewhat analogous to BoringSSL, however these build and parse functions are intentionally symetrical. The framework is hooked into the existing TLS handling code in such a way that we can gradual convert the extension handling code.
Convert the TLS Server Name Indication extension to the new framework, while rewriting it to use CBB/CBS and be more strict in the process.
Discussed with beck@
ok inoguchi@
|
#
1.14 |
|
09-Nov-2018 |
jsing |
Add header guards and hidden declarations.
|
#
1.13 |
|
05-Nov-2018 |
jsing |
Rename the TLS Supported Elliptic Curves extension to Supported Groups.
RFC 7919 renamed the Supported Elliptic Curves TLS extension to Supported Groups and redefined it to include finite field DH (FFDH) in addition to elliptic curve DH (ECDH). As such, rename the TLS extension and change the associated code to refer to groups rather than curves.
ok beck@ tb@
|
Revision tags: OPENBSD_6_3_BASE OPENBSD_6_4_BASE
|
#
1.12 |
|
08-Feb-2018 |
jsing |
Complete the TLS extension rewrite on the client-side.
The RI logic gets pulled up into ssl3_get_server_hello() and ssl_parse_serverhello_tlsext() gets replaced by tlsext_client_parse(), which allows a CBS to be passed all the way down.
This also deduplicates the tlsext_client_build() and tlsext_server_build() code.
ok beck@
|
#
1.11 |
|
27-Jan-2018 |
jsing |
Complete the TLS extension handling rewrite for the server-side.
This removes ssl_parse_clienthello_tlsext() and allows the CBS to be passed all the way through from ssl3_get_client_hello(). The renegotation check gets pulled up into ssl3_get_client_hello() which is where other such checks exist.
The TLS extension parsing now also ensures that we do not get duplicates of any known extensions (the old pre-rewrite code only did this for some extensions).
ok inoguchi@
|
Revision tags: OPENBSD_6_2_BASE
|
#
1.10 |
|
27-Aug-2017 |
doug |
Rewrite SRTP extension using CBB/CBS and the new extension framework.
input + ok beck@, jsing@
|
#
1.9 |
|
26-Aug-2017 |
doug |
Rewrite ALPN extension using CBB/CBS and the new extension framework.
ok bcook@ beck@ input + ok jsing@
|
#
1.8 |
|
12-Aug-2017 |
beck |
Rewrite the TLS status request extension to use the new TLS extension framework. ok jsing@
|
#
1.7 |
|
12-Aug-2017 |
jsing |
Convert TLS signature algorithms extension handling to the new framework.
ok beck@ doug@
|
#
1.6 |
|
12-Aug-2017 |
doug |
Rewrite session ticket TLS extension handling using CBB/CBS and the new extension framework.
ok jsing@ beck@
|
#
1.5 |
|
11-Aug-2017 |
doug |
Rewrite EllipticCurves TLS extension handling using CBB/CBS and the new extension framework.
input + ok jsing@
|
#
1.4 |
|
11-Aug-2017 |
jsing |
Add doug@'s copyright since he just added code to these two files.
|
#
1.3 |
|
11-Aug-2017 |
doug |
Rewrite the ECPointFormats TLS extension handling using CBB/CBS and the new extension framework.
input + ok jsing@
|
#
1.2 |
|
24-Jul-2017 |
jsing |
Rewrite the TLS Renegotiation Indication extension handling using CBB/CBS and the new extension framework.
Feedback from doug@
ok inoguchi@
|
#
1.1 |
|
16-Jul-2017 |
jsing |
Start rewriting TLS extension handling.
Introduce a TLS extension handling framework that has per-extension type functions to determine if an extension is needed, to build the extension data and parse the extension data. This is somewhat analogous to BoringSSL, however these build and parse functions are intentionally symetrical. The framework is hooked into the existing TLS handling code in such a way that we can gradual convert the extension handling code.
Convert the TLS Server Name Indication extension to the new framework, while rewriting it to use CBB/CBS and be more strict in the process.
Discussed with beck@
ok inoguchi@
|
#
1.13 |
|
05-Nov-2018 |
jsing |
Rename the TLS Supported Elliptic Curves extension to Supported Groups.
RFC 7919 renamed the Supported Elliptic Curves TLS extension to Supported Groups and redefined it to include finite field DH (FFDH) in addition to elliptic curve DH (ECDH). As such, rename the TLS extension and change the associated code to refer to groups rather than curves.
ok beck@ tb@
|
Revision tags: OPENBSD_6_3_BASE OPENBSD_6_4_BASE
|
#
1.12 |
|
08-Feb-2018 |
jsing |
Complete the TLS extension rewrite on the client-side.
The RI logic gets pulled up into ssl3_get_server_hello() and ssl_parse_serverhello_tlsext() gets replaced by tlsext_client_parse(), which allows a CBS to be passed all the way down.
This also deduplicates the tlsext_client_build() and tlsext_server_build() code.
ok beck@
|
#
1.11 |
|
27-Jan-2018 |
jsing |
Complete the TLS extension handling rewrite for the server-side.
This removes ssl_parse_clienthello_tlsext() and allows the CBS to be passed all the way through from ssl3_get_client_hello(). The renegotation check gets pulled up into ssl3_get_client_hello() which is where other such checks exist.
The TLS extension parsing now also ensures that we do not get duplicates of any known extensions (the old pre-rewrite code only did this for some extensions).
ok inoguchi@
|
Revision tags: OPENBSD_6_2_BASE
|
#
1.10 |
|
27-Aug-2017 |
doug |
Rewrite SRTP extension using CBB/CBS and the new extension framework.
input + ok beck@, jsing@
|
#
1.9 |
|
26-Aug-2017 |
doug |
Rewrite ALPN extension using CBB/CBS and the new extension framework.
ok bcook@ beck@ input + ok jsing@
|
#
1.8 |
|
12-Aug-2017 |
beck |
Rewrite the TLS status request extension to use the new TLS extension framework. ok jsing@
|
#
1.7 |
|
12-Aug-2017 |
jsing |
Convert TLS signature algorithms extension handling to the new framework.
ok beck@ doug@
|
#
1.6 |
|
12-Aug-2017 |
doug |
Rewrite session ticket TLS extension handling using CBB/CBS and the new extension framework.
ok jsing@ beck@
|
#
1.5 |
|
11-Aug-2017 |
doug |
Rewrite EllipticCurves TLS extension handling using CBB/CBS and the new extension framework.
input + ok jsing@
|
#
1.4 |
|
11-Aug-2017 |
jsing |
Add doug@'s copyright since he just added code to these two files.
|
#
1.3 |
|
11-Aug-2017 |
doug |
Rewrite the ECPointFormats TLS extension handling using CBB/CBS and the new extension framework.
input + ok jsing@
|
#
1.2 |
|
24-Jul-2017 |
jsing |
Rewrite the TLS Renegotiation Indication extension handling using CBB/CBS and the new extension framework.
Feedback from doug@
ok inoguchi@
|
#
1.1 |
|
16-Jul-2017 |
jsing |
Start rewriting TLS extension handling.
Introduce a TLS extension handling framework that has per-extension type functions to determine if an extension is needed, to build the extension data and parse the extension data. This is somewhat analogous to BoringSSL, however these build and parse functions are intentionally symetrical. The framework is hooked into the existing TLS handling code in such a way that we can gradual convert the extension handling code.
Convert the TLS Server Name Indication extension to the new framework, while rewriting it to use CBB/CBS and be more strict in the process.
Discussed with beck@
ok inoguchi@
|
#
1.12 |
|
08-Feb-2018 |
jsing |
Complete the TLS extension rewrite on the client-side.
The RI logic gets pulled up into ssl3_get_server_hello() and ssl_parse_serverhello_tlsext() gets replaced by tlsext_client_parse(), which allows a CBS to be passed all the way down.
This also deduplicates the tlsext_client_build() and tlsext_server_build() code.
ok beck@
|
#
1.11 |
|
27-Jan-2018 |
jsing |
Complete the TLS extension handling rewrite for the server-side.
This removes ssl_parse_clienthello_tlsext() and allows the CBS to be passed all the way through from ssl3_get_client_hello(). The renegotation check gets pulled up into ssl3_get_client_hello() which is where other such checks exist.
The TLS extension parsing now also ensures that we do not get duplicates of any known extensions (the old pre-rewrite code only did this for some extensions).
ok inoguchi@
|
Revision tags: OPENBSD_6_2_BASE
|
#
1.10 |
|
27-Aug-2017 |
doug |
Rewrite SRTP extension using CBB/CBS and the new extension framework.
input + ok beck@, jsing@
|
#
1.9 |
|
26-Aug-2017 |
doug |
Rewrite ALPN extension using CBB/CBS and the new extension framework.
ok bcook@ beck@ input + ok jsing@
|
#
1.8 |
|
12-Aug-2017 |
beck |
Rewrite the TLS status request extension to use the new TLS extension framework. ok jsing@
|
#
1.7 |
|
12-Aug-2017 |
jsing |
Convert TLS signature algorithms extension handling to the new framework.
ok beck@ doug@
|
#
1.6 |
|
12-Aug-2017 |
doug |
Rewrite session ticket TLS extension handling using CBB/CBS and the new extension framework.
ok jsing@ beck@
|
#
1.5 |
|
11-Aug-2017 |
doug |
Rewrite EllipticCurves TLS extension handling using CBB/CBS and the new extension framework.
input + ok jsing@
|
#
1.4 |
|
11-Aug-2017 |
jsing |
Add doug@'s copyright since he just added code to these two files.
|
#
1.3 |
|
11-Aug-2017 |
doug |
Rewrite the ECPointFormats TLS extension handling using CBB/CBS and the new extension framework.
input + ok jsing@
|
#
1.2 |
|
24-Jul-2017 |
jsing |
Rewrite the TLS Renegotiation Indication extension handling using CBB/CBS and the new extension framework.
Feedback from doug@
ok inoguchi@
|
#
1.1 |
|
16-Jul-2017 |
jsing |
Start rewriting TLS extension handling.
Introduce a TLS extension handling framework that has per-extension type functions to determine if an extension is needed, to build the extension data and parse the extension data. This is somewhat analogous to BoringSSL, however these build and parse functions are intentionally symetrical. The framework is hooked into the existing TLS handling code in such a way that we can gradual convert the extension handling code.
Convert the TLS Server Name Indication extension to the new framework, while rewriting it to use CBB/CBS and be more strict in the process.
Discussed with beck@
ok inoguchi@
|
#
1.11 |
|
27-Jan-2018 |
jsing |
Complete the TLS extension handling rewrite for the server-side.
This removes ssl_parse_clienthello_tlsext() and allows the CBS to be passed all the way through from ssl3_get_client_hello(). The renegotation check gets pulled up into ssl3_get_client_hello() which is where other such checks exist.
The TLS extension parsing now also ensures that we do not get duplicates of any known extensions (the old pre-rewrite code only did this for some extensions).
ok inoguchi@
|
Revision tags: OPENBSD_6_2_BASE
|
#
1.10 |
|
27-Aug-2017 |
doug |
Rewrite SRTP extension using CBB/CBS and the new extension framework.
input + ok beck@, jsing@
|
#
1.9 |
|
26-Aug-2017 |
doug |
Rewrite ALPN extension using CBB/CBS and the new extension framework.
ok bcook@ beck@ input + ok jsing@
|
#
1.8 |
|
12-Aug-2017 |
beck |
Rewrite the TLS status request extension to use the new TLS extension framework. ok jsing@
|
#
1.7 |
|
12-Aug-2017 |
jsing |
Convert TLS signature algorithms extension handling to the new framework.
ok beck@ doug@
|
#
1.6 |
|
12-Aug-2017 |
doug |
Rewrite session ticket TLS extension handling using CBB/CBS and the new extension framework.
ok jsing@ beck@
|
#
1.5 |
|
11-Aug-2017 |
doug |
Rewrite EllipticCurves TLS extension handling using CBB/CBS and the new extension framework.
input + ok jsing@
|
#
1.4 |
|
11-Aug-2017 |
jsing |
Add doug@'s copyright since he just added code to these two files.
|
#
1.3 |
|
11-Aug-2017 |
doug |
Rewrite the ECPointFormats TLS extension handling using CBB/CBS and the new extension framework.
input + ok jsing@
|
#
1.2 |
|
24-Jul-2017 |
jsing |
Rewrite the TLS Renegotiation Indication extension handling using CBB/CBS and the new extension framework.
Feedback from doug@
ok inoguchi@
|
#
1.1 |
|
16-Jul-2017 |
jsing |
Start rewriting TLS extension handling.
Introduce a TLS extension handling framework that has per-extension type functions to determine if an extension is needed, to build the extension data and parse the extension data. This is somewhat analogous to BoringSSL, however these build and parse functions are intentionally symetrical. The framework is hooked into the existing TLS handling code in such a way that we can gradual convert the extension handling code.
Convert the TLS Server Name Indication extension to the new framework, while rewriting it to use CBB/CBS and be more strict in the process.
Discussed with beck@
ok inoguchi@
|
Revision tags: OPENBSD_6_2_BASE
|
#
1.10 |
|
27-Aug-2017 |
doug |
Rewrite SRTP extension using CBB/CBS and the new extension framework.
input + ok beck@, jsing@
|
#
1.9 |
|
26-Aug-2017 |
doug |
Rewrite ALPN extension using CBB/CBS and the new extension framework.
ok bcook@ beck@ input + ok jsing@
|
#
1.8 |
|
12-Aug-2017 |
beck |
Rewrite the TLS status request extension to use the new TLS extension framework. ok jsing@
|
#
1.7 |
|
12-Aug-2017 |
jsing |
Convert TLS signature algorithms extension handling to the new framework.
ok beck@ doug@
|
#
1.6 |
|
12-Aug-2017 |
doug |
Rewrite session ticket TLS extension handling using CBB/CBS and the new extension framework.
ok jsing@ beck@
|
#
1.5 |
|
11-Aug-2017 |
doug |
Rewrite EllipticCurves TLS extension handling using CBB/CBS and the new extension framework.
input + ok jsing@
|
#
1.4 |
|
11-Aug-2017 |
jsing |
Add doug@'s copyright since he just added code to these two files.
|
#
1.3 |
|
11-Aug-2017 |
doug |
Rewrite the ECPointFormats TLS extension handling using CBB/CBS and the new extension framework.
input + ok jsing@
|
#
1.2 |
|
24-Jul-2017 |
jsing |
Rewrite the TLS Renegotiation Indication extension handling using CBB/CBS and the new extension framework.
Feedback from doug@
ok inoguchi@
|
#
1.1 |
|
16-Jul-2017 |
jsing |
Start rewriting TLS extension handling.
Introduce a TLS extension handling framework that has per-extension type functions to determine if an extension is needed, to build the extension data and parse the extension data. This is somewhat analogous to BoringSSL, however these build and parse functions are intentionally symetrical. The framework is hooked into the existing TLS handling code in such a way that we can gradual convert the extension handling code.
Convert the TLS Server Name Indication extension to the new framework, while rewriting it to use CBB/CBS and be more strict in the process.
Discussed with beck@
ok inoguchi@
|